Title: Arun Kumar Pati
1QUANTUM CRYPTOGRAPHY
- Arun Kumar Pati
- Institute of Physics
- Bhubaneswar-751005, Orissa
- and
- Bhabha Atomic Research Center, Mumbai, India
email akpati_at_iopb.res.in
2 QUANTUM THEORY
? Quantum theory is the most successful physical
theory of our time. This theory could explain
nearly all the physical phenomena of the everyday
world. ? The applications include transistors,
lasers, nanodevices, and many more. Quantum
theory explains behavior of electrons, nuclei,
atoms, molecules, solids, and even macroscopic
systems such as superconductors. ? Quantum
theory now enters the domain of information
theory. Unification of these two theories has
lead to a new area of research --- what we call
quantum information theory.
3 Quantum Mechanical Postulates
- State of an isolated system is described by a
state vector ?? in a Hilbert space H, with
dim(H) N. The state vector contains all the
information about a quantum system. - Evolution of a closed system is described by a
unitary evolution ?? ? ?? U ??
(Schrödinger equation). - To every observable there is associated a linear
Hermitian operator A. This satisfies an
eigenvalue equation A n? a n?, n1,2N,
where n? are the eignstates and a are the
non-degenerate eigenvalues of the observable A.
n
n
4 Postulates...
- If the system is in an arbitrary state ?? ? C
n? and a measurement of A is being performed,
then it will yield an eigenvalue a with a
probability C .
(i)
If we know the measurement outcome, then the
state makes a transition to the nth eigenstate,
i.e, ?? ? n? . (ii) If we do not
know the measurement outcome, then the state
after measurement is described by a mixture,
i.e., ?? ?? ? ?
C n?? n .
n
n
2
n
n
2
n
n
This is von Neumanns collapse postulate, also
known as reduction of the state vector. We
need this, yet we do not know how and when does
this occur?
5 Postulates...
The Hilbert space of a composite quantum
system is the tensor product of the individual
Hilbert spaces of the physical systems. If we
have a composite system consisting of two
subsystems, then the total Hilbert space H H1 ?
H2 .
1
. When we have a composite system consisting of
two or more subsystems, then the state of the
composite object could be in an entangled state.
This is basically superposition of product basis
states that itself cannot be written as a direct
product of two or more pure states for individual
subsystems.
6 Quantum Bit (QUBIT)
- A classical bit can remain either in 0 or in 1,
but a qubit can remain simultaneously in ?0 ? and
?1?. - Take ?H ? ?0 ? and ?V ? ?1? as two distinct
horizontal and vertical polarization states of a
photon. Then by linear superposition principle
any arbitrary state such as ???
? ?H ? ??V ? ? ?0? ??1 ? is also a logical
state. - Any arbitrary state of a two state system is a
qubit. An electron spin state such as ??? ? ?? ?
??? ? is also a qubit. - This inherent parallelism is responsible for
quantum computation and host of other tasks.
7Qubit on a Bloch sphere
?0?
z
???
?
x
?
y
?1?
??? ? ?0 ? ??1? cos ?/2 ?0 ? sin ?/2 exp(
i ? ) ?1 ?
8 A qubit keeps its privacy
- If we know the complex amplitudes (for a qubit
two real numbers), then the qubit is known.
That is we know its exact location on the Bloch
sphere. If we do not know them, then a qubit is
in an unknown state. - How many bits do we need to specify a qubit? We
need infinite amount of bits! (As we need to
specify two real numbers in bits.) A qubit
contains both quantum and classical information.
Even though it has large amount of information,
we can extract only one bit by a measurement!
Most of the information is hidden from us.
9Determining a qubit
- To determine the state of a qubit we need an
ensemble of identically prepared quantum states
(infinite number of them). - If we have a finite N number of identical
prepared qubits the fidelity of state
determination is only (N1)/(N2). - Given a single qubit we cannot determine its
state completely. - Can one make copies of a single qubit in an
arbitrary state and then determine its state?
S. Masar and S. Popescu, PRL 74 (1995) 1259.
10 DETERMINISM VS INDETERMINISM
? Quantum system suffers two kinds of changes
(i) Deterministic and (ii)
probabilistic. ? Unitary evolution (the
Schrödinger equation) is completely deterministic
(as deterministic as Newtons equation) and
reversible. ? Probabilstic element enters when
we perform a measurement on the quantum system.
Quantum theory does not tell you with certainty
what will be the outcome of an measurement in a
single run of the experiemnt. ? Measurement
process is not a unitary and hence irreversible.
11 QUANTUM ENTANGLEMENT
(ANOTHER WIERDEST FEATURE)
? If a composite system consisting of two or
more subsystems is in a superposition of product
basis states that itself cannot be written as a
direct product of two or more pure states for
individual subsystems then it is an entangled
state, i.e., it cannot be written as ??? ???
????. ? This is an attribute of a composite
system where we cannot associate an individual
pure state to its subsystems. ? A pure
two-qubit entangled state can always be written
as ??? a ?0??0? b ?0??1?c ?1??0?d ?1?
?1?
12 SCHRÖDINGER
- Schrödinger (1935) I would not call
entanglement one but rather the characteristic
trait of quantum mechanics, the one that enforces
its entire departure from classical lines of
thought.
13 ENTANGLMENT IS A RESOURCE
- Quantum mechanical entangled states are at the
center stage of quantum information theory
because they have many fundamental and practical
applications. - These include quantum computing, quantum
cryptography, quantum dense coding, quantum
teleportation, remote state preparation, remote
state measurement, telecloning, quantum secret
sharing and so on. - Without quantum entanglement these tasks will be
impossible or may require infinite amount of
other resources.
14ENTANGLEMENT IS PHYSICAL
Information is physical R. Landauer.
- Storage and processing of entanglement requires
physical systems and physical laws. - Entanglement can be used to do informational
work. - Entanglement properties are independent of
physical representations. For example one unit of
entanglement (ebit) can be manifested in a
variety of ways
1. Two-spin half particles 2. Photon
polarizations 3. Atomic states
15 Quantum vs Classical
- Quantum information differs from classical
information in many ways. - Classical information can be copied and deleted
but quantum information cannot be. - Classical information can be read without
disturbance but quantum information cannot be.
16 Cloning of a Quantum state
- We can copy classical information perfectly. For
example, a classical bit can be cloned via 0 0 ?
0 0 and 1 0 ? 1 1. - Can we clone an unknown qubit?
- Quantum cloning operation for a qubit is a linear
operator that acts jointly on the input, blank
and ancilla states as ?????0 ? ??A ? ?
????????A?? - Here, ?0 ? is the blank state, ?A ? and A?? are
the initial and final states of the cloning
machine. - If one can satisfy the above transformation for
an arbitrary input, then we could design a
quantum cloning (Xerox) machine.
17 Quantum Xerox Machine
???
???
CLONING
?0 ?
???
- By the linearity of quantum evolution we can show
that an arbitrary state of a single quantum
cannot be cloned perfectly. This is called the
no-cloning Theorem. - However, if we know a state we can clone it
perfectly. For example, if a qubit is either in
?0 ? or?1 ?, then it can be cloned perfectly.
W. K. Wootters and W. H. Zurek, NATURE, 299
(1982) 802.
18 No-Cloning from Linearity
- Let there be a cloning machine that copies a
single qubit in an orthogonal state - 0?? 0? ?A? ? 0??
0??A0?. - 1? ?0? ?A?
? 1?? 1??A1?. - If we send an unknown qubit through the cloning
machine, we will have ??? 0?? A? ?
?0??0??A? ??1 ??0??A?
? ? 0??0??A0? ? 1??1??A1?. - Ideally the cloning machine should produce a
state ????????A?? ?0??0??1??1? ?
?(0??1?1??0?) ?A?? - These states cannot be equal. Thus, it is
impossible to copy an unknown state perfectly
the no-cloning Theorem.
2
2
19 Importance of No-cloning
- No-cloning is one of the hall mark feature of
quantum information. - Since it is fundamental to understand the
limitations on quantum information, i.e. what we
can do and what we cannot do. There stands the
no-cloning principle. - It is the no-cloning principle which provides
security to information stored in quantum states
and has great application in quantum cryptography.
20 No cloning from unitarity
- Can we clone two non-orthogonal states ? If so,
we would have ?1? 0? A? ? ?1? ?1? A1?
?2? 0? A? ?
?2? ?2? A2? - Unitarity must preserve the inner product. This
implies we must have ??1 ?2? ? ??1 ?2?
which is a contradiction. - Thus two non-orthogonal states cannot be cloned
by a unitary machine. However, a qubit in any
one of the two orthogonal states can be cloned
unitarily.
2
H. P. Yuen, PLA 113 (1986) 405.
21 Deleting quantum information
???
???
DELETING
???
?0 ?
- Suppose Alice prepares two copies of a qubit and
asks Bob (who do not have the complete knowledge)
to delete a copy, keeping the other intact. Can
Bob do that? - It is impossible to delete a copy from two
identical copies The no-deleting theorem.
A. K. Pati and S. L. Braunstein, NATURE, 404
(2000) 164.
22Deletion and erasure
- In classical world if we have two identical bits
such as 00 or 11, then we can delete one copy
against the other in a reversible manner via 0 0
? 0 0 and 1 1 ? 1 0. - Primitive deletion or erasure operation
resets the last bit to a standard bit
irrespective of all others, e.g., 01101 ? 01100 .
This can take a collection of unordered bits to a
collection of ordered bits, hence
thermodynamically irreversible. - Erasure of a single bit at temperature T needs k
T log 2 amount of energy a result known as
Landauers principle. - Classical deletion against a copy takes an
ordered set to an ordered set, hence logically
reversible.
R. Landauer, IBM J. Res. Dev. 5 (1961) 183.
23Deleting an unknown qubit
- Can we delete an unknown qubit from two identical
copies? - ??????? ??A ? ? ?????0? ?A?? ?
- Here ?0? is the blank state and ?A ? and A??
are the initial and final states of the cloning
machine. - We do not want that quantum information should be
hidden anywhere in the deleting machine, or any
other part of the universe . - By the linearity of quantum evolution one can
show that a single copy of an arbitrary state of
a qubit cannot be deleted perfectly.
24 No deleting Theorem
- Action of the deleting machine on a pair of
qubits in the orthogonal states
?0??0??A ? ? ?0??0?A0?
and ?1??1??A ? ? ?1??0?A1? - If two qubits are not identical, or entangled
then the final state can be an entangled state of
the two qubits and the ancilla
1/?2 (?0??1? ?1??0?)?A ? ? ??? - Because of the linear nature of the deleting
transformation it is not the time reverse of
cloning operation. - If we send an unknown state then by linearity we
will have
25 No deletion...
- The output state is a quadratic polynomial in ?
and ?. The desired state is only (? ?0? ? ?1?
)A??. Since the actual and desired states are in
general different, we cannot design an all
purpose deletion machine. - However, there is a choice that makes the actual
and desired state equal - Since the final state is normalized for all ? and
?, this implies that the ancilla states A0? and
A1? are orthogonal. But this choice suggests
that the final state of the ancilla is not
independent of ? and ?.
26 No deletion...
- This choice is not deletion but swapping of an
unknown qubit onto two-dimensional subspace of
the ancilla (hiding of quantum information in the
deleting machine). - Thus linearity allows one to move around quantum
information instead of perfect deletion. This is
called the no-deleting Theorem. - Like cloning, if we know a qubit we can delete
it perfectly. For example, if we have two
identical qubits either in ?0 ? or 1 ?, then
we can transform ?0??0? ? ?0??0? and ?1??1? ?
?1??0?. Thus it can be deleted perfectly.
A. K. Pati and S. L. Braunstein, NATURE, 404
(2000) 164.
27Information gain and Disturbance
- Given two non-orthogonal state, any operation
revealing the identity must disturb the state. - One can prepare an ancilla, couple to system and
evolve ?1? A? ?
?1?A1? and ?2? A? ? ?2? A2?. - After evolution, Eve may take the ancilla and
leave the original system. Then she may try to do
measurement on the ancilla and learn about the
quantum states. - Unitary evolution preserves the inner product. We
must have ??1 ?2?
??1 ?2? ?A1 A2? - If ??1 ?2? ? 0, then ?A1 A2? 1, i.e., A1?
A2?. So final state of the ancilla is
independent of the input. Thus, measurement of
ancilla will not tell anything about the identity
of the state.
28QUANTUM INFORMATION SCIENCE
QUANTUM CRYPTOGRAPHY
QUANTUM COMPUTATION
QUANTUM COMMUNICATION
29 QUANTUM INFORMATION THEORY
Quantum Communication
Quantum Computation
Quantum Cryptography
Teleportation
Algorithms
BB84 scheme
Dense Coding
Computational Complexity
Entangled state based scheme
Remote state preparation
Decoherence Error Correction
Secret sharing
Remote control
Experimental Implementations
30 QUANTUM INFORMATION
? One of the main goal in quantum information
theory is how well we can store, process and
transfer the vast amount of information contained
in the quantum state using principles of quantum
theory. ? Quantum mechanical features like
superposition, entanglement, and non-locality are
exploited for practical applications and
sometimes doing amazing tasks which are
impossible otherwise.
31 QUANTUM COMMUNICATION
Sending quantum information according to quantum
rules using given resources. Alice and Bob are
not allowed to send quantum particles directly
but allowed to do local operation and classical
communication (LOCC).
Classical Channel
Unitary/ Measurement operations
Unitary / Measurement operations
Quantum Channel
ALICE
A
BOB
32- Quantum information theory has revolutionized the
way in which information is processed using
quantum resources such as entangled states, local
operations and classical communications (LOCC). - ? Examples Quantum Teleportation, Remote state
preparation, Secret sharing, Quantum Cryptography
and many more
33 Cryptography (Classical)
- Cryptography may be defined as the art of
encrypting and decrypting messages in codes in
order to ensure their confidentiality and
authenticity. - The fundamental task of cryptography is to allow
two users to render their communication
unintelligible to any third party, while for the
two legitimate users the message remain
intelligible.
34Symmetric-key Cryptography
- Data encrypted and decrypted with same key
- Classical examples Caesar cipher and one-time
pad
35Caesar Cipher (n3) (Review)
- If we use the algorithm of simply moving each
letter n places down the alphabet (here n3) then
the original alphabet we were using, or the Plain
Text becomes the following Cipher Text, as
follows
36Encrypting a Message
- Bob wants to send a secret message to his friend
Alice. He encrypts his message with the key of
n3 - "This is a secret message" becomes
- "Wklv lv d vhfuhw phvvdjh"
37Decrypting a Message
- Alice receives Bob's encrypted message. If she is
knows the key (n3) she decrypts the message by
reversing the encryption process. She takes the
ciphertext - "Wklv lv d vhfuhw phvvdjh"
- and applies the Caesar Cipher using her key to
render it - "This is a secret message"
38 Vernam Cipher (One time Pad)
- Vernam (1917) proposed a cryptosystem where each
letter is advanced by a random of positions in
the alphabet. - These random numbers form the cryptographic key
that must be shared between Alice and Bob. - Even though the Vernam cipher offers
unconditional security against Eve possessing
unlimited computational power, it faces the
problem of how to securely distribute the key.
39 One Time Pad
- The principle of the cipher is that if a random
key is added to a message, the bits of the
resulting string are also random and carry no
information about the message. - The encryption algorithm E can be written as
EK(M) (M1K1, M2K2, MnKn) mod 2, where M
(M1, M2, Mn) is the message to be encrypted and
K (K1, K2, Kn) is the key consisting of random
bits. The message and key are added bitwise
modulo 2. - The decryption of cipher text C EK(M) is given
by M DK(C) (C1K1, C2K2, CnKn) mod 2.
40 Security of One time Pad
- Three requirements on key (1) The key must be as
long as the message, (2) it must be purely
random, (3) it may be used only once. - The drawback of One time pad is the necessity to
distribute a secret key as long as the message. - Here, quantum information theory comes in handy
and readily offers a solution. Quantum
cryptography helps to generate a secret key. - Also, it gives the power to detect eavesdropping.
41 BB84 CRPTOGRAPHY PROTOCOL
Random measurements
CLASSICAL CHANNEL
Random bits and bases
QUANTUM CHANNEL
In the end they share a secret key
ALICE
BOB
C. H. Bennett and G. Brasard, IEEE Conference on
Computers, Systems and Siganls Processing,
Bangalore, India (1984), p 175-179.
42- Bennett and Brasard (1984) originally used
photon polarization states to transmit the
information. - The sender (Alice) and the receiver (Bob) are
connected by a quantum communication channel
which allows quantum states to be transmitted. - In the case of photons this channel can be an
optical fibre or simply free space. In addition,
they need a public classical channel (broadcast
radio, the internet or phone). - Neither of these channels need to be secure.
BB84 protocol is designed with the assumption
that an eavesdropper (Eve) can interfere with
both channels.
43- The security of the protocol comes from encoding
the information in non-orthogonal states. - These states cannot in general be measured
without disturbing and cannot be cloned. - BB84 uses two pairs of states, with each pair
conjugate to the other pair, and the two states
within a pair orthogonal to each other. Pairs of
orthogonal states are referred to as a basis. - Qubit pairs used are either Z basis (0? and 1?
) or X basis (? and -?), where Z and X are
Pauli matrices with z and x components. -
44 BB84 PROTOCOL
- Alice and Bob have agreed that 0? and ? stand
for bit value 0, and 1? and -? stand for a
bit value 1. - Alice generates a sequence of random bits, and
randomly and independently for each bit she
chooses her encoding basis, Z or X. - Physically, it means that she transmits qubits
in four states 0?, 1?, ?, and -? with
equally distributed frequency.
45BB84
- Bob randomly and independently of Alice, chooses
his measurement bases, either Z or X. - Statistically, their bases coincide in 50 of
cases, when Bobs measurements provide
deterministic outcomes and perfectly agree with
Alices bit. - Alice and Bob use a public channel to tell each
other what basis they had used for each
transmitted and detected qubit. This classical
channel may be tapped, because it transmits only
information about the used bases, not about the
particular outcomes of the measurement.
46BB84
- Whenever their bases coincide, Alice and Bob keep
the bit. The bit is discarded when they chose
different bases or Bob did not receive the qubit
(if it was lost somewhere on the way). This way
they generate a secret key. - Any eavesdropper (Eve) who listens this
conversation can only learn whether Alice and Bob
choose Z or X basis, but not whether Alice had
sent a 0 or 1. - If Eve has gained any information about the
qubit, this will have introduced errors in Bobs'
measurements. If more bits differ they abort the
key and try again, possibly with a different
quantum channel, as the security of the key
cannot be guaranteed.
47 BB84 Table
48 Eve
- The security of BB84 quantum cryptography
protocol comes from laws of quantum theory. - Eve cannot make copy of quantum states and learn
(the no-cloning theorem). Nor can she learn the
identity of quantum states without disturbance. - If Alice is sending identical secret messages to
two people, then Eve cannot delete one message
(the no-deleting theorem).
49World Premiere Bank Transfer via Quantum
Cryptography
- Press conference and demonstration of the
ground-breaking experiment - 21 April 2004, 1130, Vienna City Hall
Steinsaal - A collaboration of group of Professor Anton
Zeilinger, Vienna University ARC Seibersdorf
research - GmbH City of Vienna Wien Kanal
Abwassertechnologien GmbH and Bank Austria
Creditanstalt - Today, the Bank Austria Creditanstalt has, on
behalf of the City of Vienna, performed the
Worlds first bank transfer encoded via quantum
cryptography. This novel technology was
demonstrated by the group of Professor Anton
Zeilinger, Vienna University in collaboration
with the group Quantum Technologies (Information
Technologies Division) of Seibersdorf research.
The bank transfer was initiated by Viennas Mayor
Dr. Michael Häupl, and executed by the Director
of the Bank Austria Creditanstalt, Dr. Erich
Hampel. The information was sent via a glass
fiber cable, laid by the company Wien Kanal
Abwassertechnologien from the Vienna City Hall to
the Bank Austria Creditanstalt branch office
Schottengasse.
50 SUPER DENSE CODING
? If we send a single qubit we can convey one
bit of classical information. ? The presence of
entanglement between sender and receiver can
double the capacity of classical information. If
a qubit is entangled with another qubit
previously shared with receiver then sender can
communicate two classical bits----called super
dense coding. ? So entanglement not only plays an
important role in quantum communication but also
in classical communication.
C. H. Bennett and S. J. Wiesner, Phys. Rev. Lett.
69, 2881 (1992).
512 CBITS
2 CBITS
QUBIT
M
Ui
DECODING
EPR
ENCODING
52 PROTOCOL FOR SUPER DENSE CODING
? Alice and Bob have previously shared an EPR
pair or any one of the four Bell states (say)
B0? 1/?2(?? ? ?? ? ?? ? ?? ? ) ? Two
classical bits such as 00, 01, 10, and 11 are
encoded in four unitary operators I, ?x, i?y
and ?z. ? Alice applies one of these unitary
operators to her particle locally. When she
applies I, we have I ?I B0? B0? When she
applies ?x, we have ?x ?I B0? B2? When she
applies i?y, we have i?y ?I B0? B3? When she
applies ?z, we have ?z ?I B0? B1?
53? After applying unitary operator Alice sends her
qubit to Bob. ? Bob has two qubits in the state
which is either B0?, B1?, B2? or B3? .
Because these are mutually orthogonal, he can do
a projective measurement on the two qubits and
extract two classical bits with certainty. ?
Thus, by sending a single qubit Alice can
communicate two classical bits of information to
Bob. This enhancement of classical capacity is
called super dense coding. ? Note that without
previously shared entanglement this is
impossible. That is, if the qubit that is being
sent by Alice is not a part of an entangled pair
this cannot happen.
54 QUANTUM COMMUNICATION
? Quantum Cryptography ? Quantum Secret Sharing ?
Quantum Data Hiding ? Quantum Remote Control ?
Quantum Tele Cloning ? ? ?
55 CONCLUSION
? Quantum state contains a vast amount of
inaccessible information. How well we can store
and process this information? ? Quantum
information cannot be copied and deleted. Any one
trying to tamper can be detected. ? Quantum
Computing, Quantum Communication and Quantum
Cryptography are some of the emerging areas of
future research. ? Quantum theory provides us a
handy way to share secret key. ? Its security is
guaranteed by fundamental laws of quantum
theory ? And there are many more amazing things
one can do with quantum information and
communication.
56THANKS