Quantum cryptography is considered extremely secure as it builds on the sensitive properties of quantum light.

**Prof. Charles Bennett** of IBM Research, U.S., explained to **Shubashree Desikan **the basics of quantum cryptography, security and hacking. Prof. Bennett, along with Prof. Gilles Brassard, University of Montreal, Canada, discovered the BB84 protocol, which is the cornerstone of quantum cryptography. He was in Chennai to attend the Asian Quantum Information Science - 2013 conference. Excerpts:

How can light be used in quantum cryptography?

Quantum cryptography uses the fact that the properties of very-dim light, ideally, single-photons of light, are disturbed, by observing them.

In particular, a photon can be polarised in any angle compared to the direction in which it is travelling, in a plane perpendicular to the direction of travel...

The odd thing about polarisation though, is that the light can be polarised at any angle, but if a photon of light is polarised parallel to the filter that is observing it, it always goes through, and if it’s perpendicular, it always stops. But if it’s polarised at an angle – say 45 degrees – it behaves randomly. It goes through sometimes and it stops sometimes.

This means that you can use photons to carry a reliable signal of just one bit per photon if they are prepared in vertical and horizontal polarisations. But if you rotate your observer’s apparatus, so that it is used to distinguish 45 degree from 135 degree polarised photons, then it [the apparatus] can distinguish between them perfectly, however, it behaves randomly for vertical and horizontal polarisations.

So we have four kinds of photon: horizontal, vertical, 45 degrees and 135 degrees, and two ways of observing them — one way will distinguish the 45 degree and 135 degree “diagonal” photons, and the other way of observing will distinguish the “rectilinear” — vertical and horizontal photons. This is a distinctively quantum phenomenon. It doesn’t happen with bright light signal.

How can this be used for the quantum key distribution?

[Considering an exchange between a sender, called Alice, and a receiver, called Bob...]

Alice sends a random series of these four kinds of photons, and Bob chooses randomly, and independently of Alice, whether to measure them rectilinearly or diagonally.

So some of the time Bob spoils the photon by measuring it the wrong way from the way it was prepared. But the other times Bob gets correct information on how it was prepared. So what we have here is a quantum signal — single photons of light being sent from Alice to Bob.

And then we have a public discussion between Alice and Bob, which has the purpose of getting rid of the data that they spoiled, without leaking information about the data they did not spoil.

They throw away the data they spoiled, without revealing the data they didn’t spoil [which only Alice and Bob know.] That’s quantum cryptography.

How do you realise this in practice?

Gilles Brassard and I and our students, in 1992, built an apparatus to do this. It was just a green light-emitting diode, one with such little power that on average, less than one photon came out of it. And then we sent it through a polarising filter over a distance of about 30 cm to a detector which had an adjustable polarisation direction. Since there was only a tenth of a photon on average per light pulse, most of these data were empty most of the time-slots were empty...

But it seems like even quantum cryptography has been hacked...

In any cryptographic system, if there is a proof of its security, it’s always the proof of some idealised model. In practice, cryptographic systems were usually broken by some exceptions to the model.

But the exception that was found by the Norwegian group(Makarov *et. al*.) was that they were able to trick the detector by giving it too bright a light pulse that blinded it and allowed them to cause the detector to ignore the single photons that were being sent and instead respond to just changes of the brightness of the much brighter light that the eavesdropper was supplying.

How do you get around it?

[One way is]... device-independent quantum key distribution. The idea is to make it possible to infer just from the correlations in the data that we draw, a secure code. This can be done in principle but there are serious practical problems.

Keywords: quantum cryptography, cryptographic system, polarisation