How to Realize Quantum Key Distribution with a Limited and Noisy Link
Author: Paolo Villoresi
Affiliation: Dept of Information Engineering, University of Padua, Italy.
A huge amount of sensitive data travels every day on the internet: credit card numbers, emails, medical reports, social network contents, etc. Such traffic is constantly increasing on a global scale, and data protection is becoming not only a privacy issue for an individual, but also an economical and national security asset. This call for an intense use of cryptography, as we see in everyday transactions and queries over the internet. In particular, depending on the application context, security services may be required such as data integrity, confidentiality and authenticity. The corresponding security mechanisms are implemented by means of algorithms that require cryptographic keys, that is, secret bit sequences shared only by the sender and the receiver, and totally hidden from unintended users or devices in the network .
By leveraging the laws of quantum physics, two distant parties are able to share cryptographic keys with unconditional security, i.e., with provably negligible information leaked to the eavesdropper. When photons are used as bit carriers, in fact, observations of the attacker on the quantum transmission statistically produce a perturbation on the system itself, thus allowing the legitimate users to estimate the information that (s)he may possess and to take the appropriate countermeasures (e.g., discarding the current key). On the contrary, the security of classical cryptography – which is currently used on the internet – is based on mathematical problems for which no efficient solution exists nowadays. Such a solution, however, may appear in the near future, thanks to mathematical and computational breakthroughs as well as for the development of quantum computers.
Therefore, these keys need to be securely exchanged. As opposed to classical methods, by using quantum cryptography this key exchange (the quantum-key-distribution or QKD) can be brought to the level of being unconditionally secure, envisaging the distant parties with quanta of lights – photons – as the information carrier. The ultimate security may be obtained using the One-Time-Pad or OTP technique, which requires for each encryption and decryption a fresh and truly random key, which shall never be used again. Therefore, besides being the most secure, OTP is also the most key-demanding cipher.
Against this growing need for cryptographic keys, the optimization of the key exchange is a major issue, except for partners that may share a box of hard drives with multi-terabytes of random bits when needed. In the case of distant terminal that are in the need to implement QKD, simple aspects such as the duration of the communication and the background level are critical aspects and useful to assess the viability of a QKD implementation.
In particular, in protected environment like in research laboratories QKD systems are deployed in isolated environment and -- assuming that an arbitrarily high number of photons can be exchanged -- in real world applications these conditions are no longer verified. In realistic scenarios, in fact, the ratio of the number of final secret bits to the number of sent photons decreases on one hand with the number of sent photons, and on the other hand with increasing noise in the transmission channel and in the receiver apparatus.
Image 1: Quantum Communications using satellite are the best example of QKD with finite – and often short - duration and noisy channels.
For real-world scenarios of crucial data exchange and of remote location, as for the satellite communication, the key may be exchanged during satellite passages – which may last as short as a few minutes per hour, and are affected by background illumination which induces spurious light in the detectors . Only recently the theoretical security analysis was made for the case of finite communication time , providing a theory for the maximum rate and the measurement strategy in the case of QKD along a modified BB84 protocol (For details of BB84 protocol, visit the Wikipedia page ).
In the work recently appeared on 'Nature Communications' by our group , including Davide Bacco, Matteo Canale, Nicola Laurenti, Giuseppe Vallone and Paolo Villoresi, all with the Department of Information Engineering at the University of Padova, we have experimentally shown the upper limit to quantum key distribution, in the presence of environmental noise, with the transmission of a limited number of photons and by considering different attack models.
Image 2: Details of the QKD receiver used in the experiment.
In the 'Nature Communications' paper  we described a fully fledged realization of a QKD system in the finite key regime with all details, which could represent a practical guide for the experimental realizations of the modified BB84 protocol. Moreover, in our work we extend the analysis on the key rate: the most general security analysis includes all the possible attack from an eavesdropper, that may store the sniffed photons in a quantum memory (q-memory) and analyze them at leisure. In addition, we decided to introduce the notion of pragmatic security, which is relevant for today attack possibilities since large qmemories are not yet available. This limitation allows to extract more secure bits with respect to the ones obtainable given a requirement of general security, that is, assuming that Eve is limited only by the law of physics.
However, pragmatic secrecy offers forward security: if a key is produced today with pragmatic secrecy (without a qmemory available for Eve), the key or a message encrypted with it will be secure for any future task, even when a qmemory will be present. This is opposed to computationally secure classical cryptography or key agreement where the available information can be stored by the Eavesdropper and decrypted in the future with higher computational power (either technological or algorithmic).
This idea is supported by considering that in a long-term perspective (more than 50 years), a general security is the goal. In the near future (5-10 years), we know that an ideal intercept-resend attack is the best option that an eavesdropper can choose because the quantum memory needed for a general or coherent attack is not yet available. This analysis is crucial for an actual implementation of QKD beyond fiber, such as satellite quantum communication, a situation characterized by a short key in general due to a low rate and an high background noise.
This result opens perspectives for scenarios where the transmission window is limited by physical constraints, as for satellite communications, where the passage of one terminal over the other is restricted to a few minutes. The Padua team has been active on Satellite Quantum Communications for years, and obtained the first experimental demonstration of single photon exchange with an orbiting terminal in 2008 .
Acknowledgments: The work was carried out within QuantumFuture, one of ten Strategic Projects funded by the University of Padova in 2009. Coordinated by Prof. Villoresi, the project has established the Quantum Communication Laboratory and engaged four research groups in a joint activity: Quantum Communications, Quantum Control Theory, Quantum Astronomy and Quantum Optics.
 Valerio Scarani, Helle Bechmann-Pasquinucci, Nicolas J. Cerf, Miloslav Dušek, Norbert Lütkenhaus, Momtchil Peev, "The security of practical quantum key distribution", Review of Modern Physics, 81, 1301 (2009). Abstract.
 P Villoresi, T Jennewein, F Tamburini, M Aspelmeyer, C Bonato, R Ursin, C Pernechele, V Luceri, G Bianco, A Zeilinger and C Barbieri, "Experimental verification of the feasibility of a quantum channel between space and Earth", New Journal of Physics, 10, 033038 (2008) [IOP select paper]. Abstract. 2Physics Article.
 Marco Tomamichel, Charles Ci Wen Lim, Nicolas Gisin, Renato Renner, "Tight finite-key analysis for quantum cryptography", Nature Communications, 3:634, doi:10.1038/ncomms1631 (2012). Abstract.
 Wikipedia page on BB84 protocol.
 Davide Bacco, Matteo Canale, Nicola Laurenti, Giuseppe Vallone, Paolo Villoresi, "Experimental quantum key distribution with finite-key security analysis for noisy channels", Nature Communications, 4:2363, doi: 10.1038/ncomms3363 (2013). Abstract.