Quantum cryptography will completely replace classical cryptography

Quantum cryptography - security through quantum effects

Whether correspondence, telephone conversation or e-mail: every communication channel can be tapped. The aim of cryptography - the science of encryption - is to make life as difficult as possible for spies. Modern encryption methods work with randomly generated one-time keys. But the exchange of such a key can also be eavesdropped. Quantum effects offer a remedy: if an eavesdropper is listening in, he disrupts the transmitted information and is thereby exposed.

The issue of security is playing an increasingly important role in our lives - from protection against terrorism to securing energy supplies to safety in road traffic. Information can also be valuable and must be protected - not just industrial and military secrets, but also, for example, access data to bank accounts. But documents can fall into the wrong hands, telephones can be tapped and Internet connections tapped. In many cases, the spy leaves no trace. It is bad enough when a secret has been betrayed - but it is even worse when we have no knowledge of the betrayal.

It is therefore hardly surprising that the science of encrypting information, known as cryptography, is almost as old as humanity itself. The Spartans used the Skytale method in ancient Greece, Julius Caesar used the substitution and in World War II played the famous one Enigma cipher machine plays an important role.

Symmetrical encryption with random key

Modern cryptographic systems consist of two parts, the key and the algorithm. The algorithm describes how the key must be applied to the original information. In the case of a text, for example, the algorithm could be the exchange of letters and the key would then indicate which letter is exchanged for which.

An information-theoretic "unbreakable" encryption is obtained if you use a randomly generated key that is exactly as long as the information to be encrypted itself (one time pad, One-time encryption).

Today it is generally assumed that the spy knows the encryption process, i.e. the algorithm. The security of the encryption is therefore based on the confidentiality of the key used. If it is possible to distribute an identical key to two communication partners, from now on called "Alice" and "Bob", a message can be securely encrypted and decrypted again. With such a "symmetrical key distribution" it must of course be ensured that the key does not fall into the hands of a spy. From now on we want to call this possible listener "Eve" (from "Eavesdrop", engl. for eavesdropping).

The search for an absolutely secure encryption process is reduced to the secure symmetrical key distribution. This is exactly where quantum cryptography, or more precisely: the quantum key distribution, comes into play. quantum key distribution): It offers a secure solution to the problem of key distribution.

The basic idea

The main difference between quantum cryptography and classic key distribution is that the information is encoded on individual quantum systems, the so-called qubits. Individual photons are used as carriers. In conventional forms of transmission, on the other hand, the information is encoded in pulses made up of many photons, with all photons of a pulse carrying the same information. In this way, Eve can take out some of the photons of the strong pulse in order to read out the information. In quantum cryptography, each bit of information sits on a single photon. Eve cannot simply branch off these photons, because then they would never get to Bob and could no longer become part of the key.

Instead, Eve could try to measure the photon and thus obtain the information. But this is where quantum physics throws a spanner in the works. Because the quantum laws do not allow measurements to be carried out on quantum states without influencing them. The same laws also forbid Eve to generate an identical copy of the photon (“no-cloning theorem”) and to carry out the measurements on this copy in order to remain undetected. Whenever Eve tries to eavesdrop on the key, she inevitably changes the quantum state of a qubit. These changes show up as errors in the transmission between Alice and Bob. Alice and Bob therefore know whether the key has been tapped - even before they use it to encrypt the message.

This is the new thing about quantum cryptography: It enables secure key distribution based on quantum physical laws. In the event of eavesdropping, the communication partners are warned and can simply discard the key. Since only one key was tapped, the secret information itself is still secure.

The BB84 protocol

How does quantum cryptography work in detail? In order to store the information on individual photons, one often uses the state of polarization, i.e. the direction of the oscillations of the photon's electric field.

Alice encodes the classic bit values ​​0 and 1 of the key in the form of certain polarization states. Only orthogonal - i.e. mutually perpendicular - states are allowed to be used, because only these can be completely differentiated by Bob with a measurement and thus read out the values ​​0 and 1 again. A pair of such orthogonal states are, for example, the horizontal and vertical polarization (H / V basis).

Schematic mode of operation of the BB84 protocol

So Alice codes 0 as H and 1 as V and sends these photons to Bob. This can measure in the H / V basis and always receives the same result of the polarization and thus the values ​​coded by Alice. In principle, an identical classic bit key could thus be exchanged between Alice and Bob. But this transmission is not yet secure against eavesdropping. Eve could simply carry out a measurement in the base H / V, determine the polarization, then generate and transmit a photon of the same polarization and thus receive the encoded information.

In order to make the transmission of the key secure against eavesdropping, Alice has to use a second base rotated 45 degrees from H / V. In this base +/-, 0 and 1 correspond to a polarization at angles of +45 and -45 degrees. When generating the key, Alice now randomly chooses the base for each individual bit of the key and sends the photon prepared in this way to Bob.

When measuring, Bob has to choose between the bases H / V or +/-. In half the cases, Bob measures on the same basis that Alice coded the information. In this case its results are correct and a bit for the key can be saved. In the other cases, Bob measures on a basis that does not match that chosen by Alice. Since a horizontally prepared photon is measured with the same probability at +45 or -45 degrees, there are no correlations in this case and the photon cannot be used for the key.

Of course, in order to know which photons can actually be used for the key, Alice and Bob have to exchange their base choice for each photon. After the key data has been transferred, this can even be done publicly. Because the information about the base alone does not allow any conclusions to be drawn as to which bit value was encoded with it. This means that eavesdroppers cannot find out anything about the secret key if they only listen in on the basic comparison.


The security of this "BB84" protocol, developed in 1984 by Charles H. Bennett and Gilles Brassard, relies on the fact that the rules of quantum physics make it impossible for Eve to determine in which base (H / V or +/-) Alice has encoded the individual photons of the key. So Eve doesn't know what basis to measure. If it randomly selects the correct base, it actually receives the full information of this photon and also goes unnoticed. But if Eve chooses incorrectly, her measurement changes the polarization state. Because the polarization of the photon naturally corresponds to the measurement result after the measurement. A photon horizontally polarized by Alice is repolarized by Eves measurement in the +/- base to +45 or -45 degrees. But since Bob measures a photon polarized in +/- direction when measuring in H / V with the same probability in H or V, in half of these cases he receives a wrong result that no longer matches the information sent by Alice. An eavesdropper therefore causes errors in the transmission.

Experimental setup for the generation of entangled photons

On the basis of these errors it is now possible to determine whether or not an eavesdropping attack has taken place. To do this, Alice and Bob simply exchange a number of bits - again quite publicly - and use this to estimate the error rate. Since there can also be natural transmission errors, the problem is now to find a limit value above which an eavesdropping attack must be assumed. A possible eavesdropper could use the system's technical flaws to disguise his attack. Therefore, all errors that have occurred must always be attributed to an eavesdropper. In order to achieve a high key rate, all technical errors must be reduced to a minimum.

In order to guarantee “permanent security”, the strongest possible attack must be accepted. Eve has all the options that are allowed within the framework of quantum mechanics. Detectors with one hundred percent efficiency and quantum memories are just as much a part of their tools as quantum computers. Nevertheless, Eve will leave mistakes by which one can measure her gain in information. For the BB84 protocol, these considerations result in a limit of the error of eleven percent. If the error is above this, it is no longer a question of secure transmission. On the other hand, if the error is smaller, Alice and Bob share more information than Eve does with Alice or Bob. With a special procedure, the "privacy amlification", even Eve's information can be filtered out of the faulty, insecure key and a guaranteed secure key can be created for Alice and Bob.

Entanglement as an alternative

In 1991 Artur Ekert developed an alternative protocol based on the quantum mechanical entanglement of states. Pairs of photons are used, the polarization of which is parallel to one another due to the mechanism of their formation. The entanglement has the result that when the polarization is measured in a randomly selected base, the polarization of the second photon instantly assumes a state in the same base.

If Alice and Bob each share a photon of such an entangled pair, then their measurement results must always be identical if they measure in the same basis. As in the case of the BB84 protocol, this results in a key. Instead of the active coding as with BB84, Alice carries out a passive measurement of the polarization state in the E91 protocol.

Although the E91 protocol is very elegant, the BB84 protocol is used almost exclusively in practice today. The reason for this is that for BB84 there is theoretically sound evidence for the safety of the procedure with given errors. With the E91 protocol, on the other hand, the connections between the eavesdropping attack and its consequences for the transmitted data have not yet been fully clarified.


Currently, the biggest problem in the technical implementation of quantum cryptography systems is the measurement of individual photons. The key rates achieved so far are rather modest and are mostly in the range of a few kilobits per second. This rate is also limited by the length of the transmission path. In contrast to a classic pulse made up of many photons, individual photons cannot be sent through an amplifier because of the no-cloning theorem. Losses in transmission therefore have a direct effect on the key: the loss of a photon means the loss of a bit.

The systems tested in laboratories today still achieve a transmission length of over a hundred kilometers in glass fibers with key rates of around a hundred bits per second. Shorter distances, such as those found in inner-city fiber optic networks, can be supplied with ten kilobits per second.

If the photons are not transmitted through the air through glass fibers but rather through a telescope, the attenuation is reduced and longer distances can be bridged. A quantum cryptography connection over 144 kilometers between the Canary Islands Tenerife and La Palma could be realized in experiments.

For use in practice, however, it is not only the distance that can be bridged and the transmission rate that are important. It is also important that the systems are fail-safe and easy to operate. In recent years, the leap from room-filling laboratory setups to compact and reliable devices has actually been made. Spin-off companies from various university groups have already started offering their systems to external customers. Quantum cryptography is the first commercially usable application of the fundamental but not always intuitive laws of quantum physics.