UNIVERSIDAD COMPLUTENSE DE MADRID FACULTAD DE CIENCIAS F´ISICAS

DEPARTAMENTO DE OPTICA´

TRABAJO DE FIN DE GRADO

C´odigode TFG: OPT06 Luz no cl´asica,definici´on,tipos, propiedades y aplicaciones. Nonclassical light, definition, types, properties, and applications Supervisor/es: Alfredo Luis Aina

Marta Pel´aezArosa

Grado en F´ısica

Curso acad´emico2020-2021

Convocatoria de Febrero [Recent developments in experimental Quantum Cryptography]

Resumen:

El estudio de la criptograf´ıacu´antica como modo de asegurar confidencialidad en la transmisi´on de informaci´oncomenz´oa finales de la d´ecadade los 60, y se desarroll´ode manera te´oricaen los a˜nossiguientes pero, ¿qu´epodemos decir de su implementaci´onexperimental o incluso comercial?, ¿c´omoha avanzado en las ´ultimas d´ecadas?En este trabajo se tratar´anlos principales protocolos de comunicaci´on(One-time pad, BB84, B91 y E91), centr´andonosen los experimentos recientes que han sido desarrollados para intentar salvar los ´obstaculosen la implementaci´onpr´acticade esta compleja teor´ıay que ha dado lugar a versiones como la comunicaci´oncu´antica con estados ortogonales, con usuarios cl´asicosy mediante sat´elites. Terminaremos con una breve entrevista a uno de los mayores exponentes de esta rama de la f´ısica,Gilles Brassard, pionero en este campo como introductor del primer protocolo criptogr´aficocu´antico, el BB84.

Abstract:

Quantum cryptography as a manner of ensuring secrecy in the transmission of information began in the late 1960s, and was developed theoretically in the following years but, what can we say about its experimental or even commercial implementation?, how has it progressed in the recent decades? In this paper we will discuss the main protocols of communication (One-time pad, BB84, B91 and E91), focusing on some recent experiments that have been developed to try to overcome the obstacles present in the practical implementation of this complex theory, such as quantum communication using orthogonal states, with classical users and through satellites. We will end with a brief interview with one of Quantum Cryptography’s most notable names, Gilles Brassard, pioneer in this field as the introducer of the first protocol of quantum cryptography, the BB84 protocol.

1 Contents

1 Introduction 3

2 Historical Background 3

3 Quantum Cryptography 4 3.1 Classical Cryptography Overview ...... 4 3.2 One-Time Pad ...... 4 3.3 Quantum Key Distribution ...... 4 3.4 BB84 Protocol ...... 5 3.5 B92 Protocol ...... 6 3.6 E91 Protocol ...... 6

4 Experimental Realizations 6 4.1 Quantum Cryptography based on Orthogonal States ...... 7 4.2 Experimental Quantum Cryptography with Classical Users ...... 8 4.3 Satellite-based Quantum Communication ...... 10

5 Brief Interview with Gilles Brassard 11

6 Conclusions 12

7 Appendix 13

8 Bibliography 15

2 1 Introduction

According to the Cambridge Dictionary, cryptography is ”The practice of creating and understand- ing codes that keep information secret” [1]. It will be important to distinguish between classical and modern cryptography. Their main difference is that while classical cryptography is based solely on mathematics and the trouble that factorizing very large numbers entails, its modern alternative centers itself around physics, more specifically, on how the laws of quantum mechanics can help us achieve total security. In this work we will present how to create and transmit those codes by means of some of the most relevant experiments on quantum cryptography performed so far. We will show that the information sent will not be discovered by a third party and therefore will stay confidential, showing that this will only be possible by introducing quantum mechanics. We will introduce the different methods of cryptography used in the past and study the newer experimental advances made in the field of quantum cryptography in order to fix some of its current limitations. Throughout, for the presentation of the more technical terms we refer to a suitable dictionary in the Appendix, referring to each item within the text by a capital letter, such as [A] for example. We will end this presentation with a brief interview with one of the pioneers of Quantum Cryptography, Gilles Brassard, regarding the current state of the art and its consequences for future quantum technologies, and even the very same fundamentals of the quantum theory.

2 Historical Background

The history of cryptography can be divided into three phases: manual cryptography, mechanization of cryptography and finally its extension to the information age. [2] Firstly, we will talk about manual cryptography. Encryption as a way of communication dates back as far as the time of the Egyptians around 1900 B.C., in the form of inscriptions of hieroglyphic symbols. During the Roman Empire, Julius Caesar used a simple substitution cipher, known as the Caesar Cipher [A], to send messages to his armies. After the development of new technologies, the second phase began. One the most famous endeavours developed during this period is the Venona project, which was a North American counterintelligence program created during World War I. It was able to decypher some of the messages that the Soviet Union sent using the one-time pad, due to the fact that they made the mistake of recycling their keys. At the end of World War II, German engineer Arthur Scherbius invented the famous Enigma machine, which was used by the German forces during the war. It was later decoded by Poland and sent to British cryptographers for further study. With the appearance of public-key cryptography we transferred to the third and current phase. In 1968, Stephen Wiesner, a research physicist at the University of Columbia in New York, proposed the ideas of quantum money and a ”quantum multiplexing” channel. The latter, also known as quantum conjugate coding, consists of the transmission of two messages between two sources by encoding them in ”conjugate observables”, namely linear and circular polarization of light. In this process only one of the two messages can be received and decoded, while the other one will be destroyed. Wiesner wrote a paper explaining his ideas and sent it to the scientific magazine IEEE Trans- actions on Information Theory but it was rejected. However, he had told all of this to his fellow undergraduate student at Brandeis University, Charles Bennett. In 1984, Bennett (IBM Thomas J. Watson Research Center) and Gilles Brassard (University

3 of Montreal) published the first paper on quantum cryptography and presented it at the ”Interna- tional Conference on Computers, Systems and Signal Processing” in India, motivated by Wiesner’s proposals, where they introduced the now known as BB84 protocol, which is a technique of secure communication based on the concept of quantum key distribution. [3] In the early 1990s, Arthur Ekert, a PhD at Wolfson College in Oxford, merged quantum en- tanglement [C] and the violation of Bell’s theorem [D] with quantum key distribution [4], which started drawing attention to Quantum Cryptography as a whole. [6] In the past decades there have been many developments and the progress in building more efficient quantum computers will help discover new opportunities for quantum cryptography.

3 Quantum Cryptography

3.1 Classical Cryptography Overview Alice and Bob, which are the names given to the sender and the receiver, want to achieve secret communication preventing eavesdropping from Eve; a, usually malicious, third party. To accomplish this, they will follow a cryptographic protocol consisting of encoding and decoding a message. There are two ways of communication, through public or private key. As their names entail, public key constitutes one sender and several receivers, while private key is the communication between only one sender and one receiver. The most common used method of public-key communication is through the RSA (Rivest, Shamir and Adleman) algorithm [E]. This procedure is based on the difficulty of factorizing large numbers, so if Eve has more computational power than Alice and Bob it will not be useful. In private-key communication we do not have to make any assumptions about Eve’s computa- tional power.

3.2 One-Time Pad The one-time pad is a technique of encoding where a random key the same size as the message being sent is used only once to prevent the eavesdropper from finding a pattern and being able to decipher it. The main question that can be asked about this method is, how will the key be exchanged securely? It is not enough for Alice to have the pad, in order to achieve communication Bob should have it as well, we need to find a way of sending it maintaining security.

3.3 Quantum Key Distribution Quantum key distribution (or, for short, QKD) is the response to the question posed in the previous section. QKD involves the use of quantum mechanics and the properties of light to share the key safely. Alice and Bob exchange a key through their quantum channel, if Eve intercepts it and measures it, the polarization state will unavoidably change because even the most subtle quantum observation perturbs the observed system in a random unpredictable way. When they check if their keys match they will find out if there has been eavesdropping or not. The photons used for quantum key distribution are generally in non-orthogonal states so as to guarantee security, because these states cannot be measured without some kind of random disturbance in them, that way when Eve interferes she will be detected, this can be explained with the no-cloning theorem [F].

4 3.4 BB84 Protocol

Figure 1: Taken from [8]

The protocol proposed by Bennett and Brassard in 1984 follows three steps: quantum commu- nication, basis reconciliation and classical post-processing. Firstly, for quantum communication Alice will prepare her photons at random in one of the fol- lowing four linear polarization states: horizontal, vertical, 45º and -45º with the horizontal/vertical. She will send Bob a random sequence of these four kinds of particles and he will measure each pho- ton’s polarization randomly, but using the same polarization bases as her, because he does not know what basis Alice chose to encode them. The randomness of this process is of extreme importance because if there was some kind of pattern in the preparation of the states, maybe if Alice is more prone to choosing one over the others even if she is unaware of it, there would be the slightest chance that Eve could still interfere in the communication. Secondly, they will go through the process of basis reconciliation. Bob publicly declares the basis that he used to measure each photon, and Alice notes if he made the right or wrong decision, meaning if they used the same basis or not, out of the two bases at hand. Following this, they will discard all of the photons that Bob measured in a different basis to the one Alice used and they will be left with two keys, named the sifted keys. Their sifted keys will only be identical if there has been no eavesdropping at all, this will be checked in the next step. Lastly, Alice and Bob will perform error correction, classical information processing to determine the amount of error present in their keys. They will choose a subset of random photons from their keys on which they should ideally agree and they will compare their polarization states, discarding each bit [G] compared regardless of it being the same or not. If they find that even one of the bits compared shows inconsistency that will mean that Eve has intruded in their communication and they will have to start the process all over again. If we consider that Eve is present and she does not know the basis sequence that Alice will follow, and we know that because of the no-cloning theorem any incorrect measurement that she makes winds up with the loss of the original information sent by Alice, then when this measured photon reaches Bob, he will read the bit incorrectly with a 50% chance. If we regard that the

5 eavesdropper will measure in the wrong basis half of the time, at the end, 25% of the bits in Bob’s key will be different to the ones originally sent by Alice. The probability of Eve going undetected decreases as the number of bits in the subset chosen for comparison increase, if Alice and Bob choose a large enough subset then the chance of an eavesdropper succeeding in intruding their communication will be insignificant although never null, there is always a possibility that Eve will choose the same basis as Alice by pure chance.

3.5 B92 Protocol This protocol is vastly similar to the BB84 protocol, nevertheless, only two polarization states are needed. The process of communication is the same as explained for the previous protocol, only introducing a new notion, erasure. Alice will randomly prepare her photons in one of two bases, horizontal (0º) or 45º, and then send them to Bob, who will, also randomly, set his analyzer orthogonally to Alice’s directions, at either 90º or -45º. If he measures a photon in the wrong basis he will get nothing, this is erasure. This way, if the measurement succeeds and Bob detects a photon, he will then know the polarization state that Alice used and they will come up with the key assigning the bit values 1 and 0 to each state.

3.6 E91 Protocol Ekert proposed this method in 1991, making use of Bell’s theory [D] and the EPR (Einstein, Podolsky and Rosen) paradox [C]. An external source will emit pairs of entangled polarized photons (their spins will add up to 0, so the system has zero total angular momentum, this is called a spin singlet [9]), Alice and Bob will receive one each and measure them in a random basis. Quantum entanglement will make it so that every time they measure in the same basis they will obtain opposite results. After measuring every photon, if they agreed 100% on the basis used they would have two sequences of bits that will complement each other, this will be their secret key. Eavesdropping can be tested by comparing some of the photons for which they used the same measuring basis, if they do not have opposite values this will mean that Eve has interfered or even that she is the source that sent Alice and Bob the pairs of particles, this is essentially a Bell-type measurement.

4 Experimental Realizations

Even though Quantum Cryptography is a relatively new concept in the world of physics, a lot of work has been put into it in the past decades, nevertheless it still has many limitations. These challenges include the short distance communication is limited to, high error rates, development of hacking devices, the cost of the infrastructure and many others. [10] The ideal hope for the development of this is having it become a common-use technology, available to anyone with a computer and an internet connection. In order to obtain this, there are many research groups around the world working to overcome the obstacles mentioned. We will talk about some of the latest advances in this field.

6 4.1 Quantum Cryptography based on Orthogonal States The first experimental realization we will introduce was developed in Turin, Italy, in 2010. It tries to surpass the restriction of only using non-orthogonal states in QKD. This scheme is based on a paper published by Goldberg and Vaidman in which they introduce a Quantum Key Distribution protocol with orthogonal states [11], in this scheme our orthogonal states will be the result of a superposition of two wave packets that will travel in different channels.

The procedure follows Alice sending these two states at random times separated by a fixed delay, if this delay is larger than the traveling time between sender and receiver a higher level of security will be assured. This strategy makes sure that the quantum channel will not transport the two wave packets simultaneously. The experimental setup consists mainly of a Mach-Zehnder interferometer [H] and a photon source based on parametric down conversion [I].

Figure 2: Taken from [12]

This interferometer has two equal optical delays, we will name them OD1 and OD2. At the entrance of the first beam splitter there will be two sources, S0 and S1, that will provide single photons traveling in different channels, i.e. the two arms of the Mach-Zehnder, say |ai and |bi. Illumination S0 by one side of the input beam splitter produces the state |0i ∝ |ai + |bi, while illumination S1 by the other side produces |1i ∝ |ai − |bi. These states are orthogonal h0|1i = 0, thanks to the π phase and ha|bi = 0. Eventually, these two states will go to different detectors D0 and D1 in Bob’s site because of their π relative phase. For the transmission, |ai and |bi are strongly delayed in Alice’s site via a delay line OD1, so that |ai arrives to Bob’s site before |bi leaves Alice’s site. Then this delay is compensated in Bob’s site with an equivalent delay line OD2. This is to say, as one of the wave packets is stored in OD1, the other one travels to Bob’s site and stays in

7 OD2 until the first one also reaches Bob’s site. Then they will interfere when reaching the second beam splitter being directed to different detectors D0, or D1, depending on the relative phase, 0 or π respectively. Eve can do either of two actions: an instantaneous measurement, in which she will only intercept one of the wave packets; or using a measuring device with a delay, that way she can measure both states with certainty, but by doing this, and making sure that Alice tells Bob the times of emission of both photons once they have reached him, he can figure out that the transmission took longer than expected and consequently discover the eavesdropping. [13] After the communication has been achieved, the next step will be to check for possible eavesdrop- ping, taking into account both of the eavesdropping schemes mentioned above. First by comparing publicly the sending and receiving times and then by measuring the quantum bit error rate (QBER) [J] between the two keys by comparing their bits.

Only the events detected by Bob at times tr = ts +τ +T can be considered free of eavesdropping. Where tr and ts are the detection and transmission times, τ is the delay and T is the traveling time between sender and receiver. If the detection time does not add up that means that Eve has been present. Measuring the QBER with the following formula:

QBER = Pwrong Pright+Pwrong

where Pwrong(Pright) is the probability of Bob receiving a bit different (equal) to the one sent by Alice. The QBER has been measured to be around 7%, which is a reasonably good value. In order to satisfy perfect security and no eavesdropping, a completely efficient single-photon source would be required, in that case there are no known eavesdropping approaches against this technique. However, if the signal has a multiphoton component, a beam splitter attack could be executed by Eve, having the photons travel to Bob still while the reflected ones are measured by her. The photon source used in the specific experiment can be considered a good approximation to an ideal single-photon source, so the results obtained are trustworthy and we can conclude that there has been no eavesdropping. Making this implementation of Quantum Key Distribution with orthogonal states a secure technique. [12]

4.2 Experimental Quantum Cryptography with Classical Users

This experimental implementation developed between universities in Austria, Portugal and the United States tries to challenge the nature of Alice and Bob by making them both entirely classical. Utilizing the notion of Semi-Quantum Key Distribution (SQKD), where in order for communi- cation to be achieved only one of the factions, namely Alice, is quantum, while Bob is classical. A question is asked about the possibily of secure transmission with both sides being classical. This can be achieved by introducing an untrusted third party, the server, that is in charge of the distribution of the entangled photons and the measuring in various bases (there is a possibility that it could be Eve giving them the photons). This way Alice and Bob can be fully classical, only having to know how to perform the detection and reflection of a photon, and no quantum operations. The steps of the protocol are described as follows: 1. The server sends a pair of entangled photons to Alice and Bob at determined time intervals.

8 Figure 3: Taken from [14]

2. Alice and Bob choose randomly to either detect or reflect the photon. When choosing detection, the photon goes to the detector controlled by each user; when reflecting, the photon is sent back to the server and consequently to a beam splitter where there are two detectors, D0 and D1. 3. The server measures the photons received, if any, and gives an answer depending on the clicks in the detectors: If both choose to reflect, single-photon interference occurs at the beam splitter with the relative phase of the two interfering photon amplitudes tuned such that only detector D0 clicks, in this case the server gives an answer of ”0”. If one detects and does not measure anything this means that the photon will collapse into the other user’s site, inhibiting single-photon interference and allowing both detectors to click with the same probability. If detector D1 clicks, the server will give an answer of ”1”, and this will allow both parties to know what the other one chose to do. If there is no click the server will respond with ”v”, and if by any chance there is more than one click the answer will be ”m”.

The response that we will be focusing on is the one corresponding to a click in D1 and in which the one choosing to detect did not measure a photon, as explained, this means that the two classical parties performed the opposite action, so this will let each of them know what the other one chose and the raw key will be written. If Alice detects and Bob reflects a 0 will be added to the key, viceversa, if Alice reflects and

9 Bob detects the bit included will be 1 (as indicated in the table in Figure 3). In order for this implementation to be successful, there should be phase stability between the users and the server, which is the key issue observed. Even though the theoretical side of this scheme is very well developed, there needs to be some improvement in the practical part, specifically in some of the instruments of the experimental setup, such as achieving better single-photon sources, quicker switches or more efficient detectors. [14]

4.3 Satellite-based Quantum Communication This project carried out between China and Austria is one of the most impressive implementations of Quantum Key Distribution up until today. A low-Earth orbit satellite, whose namesake is the Chinese philosopher Micius, was launched to an an altitude of about 50km and communicates with various stations in China and one station in Austria. It travels in an orbit around the Earth with a period of 94 minutes. This procedure, following an E91 protocol, consists in sending Spaceborne entangled photons [K] that will advance through space and reach the two ground stations (at different travel distances from the satellite), where they are received by telescopes. After arriving to the surface they are examined, checking for the conservation of entanglement between them and the violation of Bell’s inequality. In the botton 10 kilometers of the atmosphere there can be photon loss, but further up we can consider that the photons will travel in a vacuum with no decoherence and no absorption. The communication can only be performed at night, because daylight is a notable source of noise. The result of this procedure was a successful entanglement distribution between Delingha and both Linjang and Nanshan, achieving the maintaining of entanglement between the two photons and violation of Bell’s inequality. [16] Micius was also used to distribute secret keys between China and Europe, which hopefully will end up with the attainment of global secret communication. This concluded in the mailing of a picture of Micius from Beijing to Vienna and one of Schr¨odingerfrom Vienna to Beijing using the one-time pad encoding scheme. And finally, in September 29th of 2017, a quantum-encypted video conference between the Academies of Sciences in China and Austria was made possible, lasting 75 minutes. [15] Another Chinese research project fixed the constraint of only being able to communicate at night, introducing a daytime communication scheme based on reducing the background noise ob- tained from sunlight with three methods: wavelength selection, spectrum filtering and spatial filtering. For wavelengths of around 800nm, which are the ones used in the Micius project, the main source of noise during the day is Rayleigh scattering [L]. To fix this problem the wavelength will be increased to 1500nm, which is the same as the one used for fibre-optical communication, this will reduce the background noise to 3% of the one calculated with λ = 800nm. The primary cause of noise will now be Mie scattering [M]. Two types of filters are used to reduce noise: a short-pass filter and a bandpass filter. The field of view of the receiving system was reduced 10 times to achieve spatial filtering. Following a BB84 procedure, communication was achieved through Qinghai lake between Heimahe village (Alice) and Quanji village (Bob), with a distance of 53km. [17] As mentioned previously, the satellite used for this quantum key distribution scheme is a low- orbit satellite, a possible future development will be to try to launch some higher-orbit satellites,

10 this will make global secret communication easier and more attainable.

5 Brief Interview with Gilles Brassard

As mentioned in the previous sections, Dr. Gilles Brassard can be considered one of the inventors of Quantum Cryptography as a whole. Born in 1955 in Montreal, Canada; he was awarded a PhD in Computer Science from Cornell University in 1979, and he is currently a professor at the University of Montreal. He became Canada Research Chair in 2001. [18] Motivated and inspired by his work, I emailed him asking him some questions that he was extremely kind to answer.

My thesis is centered around the experimental implementation of cryptographic protocols. Which of the experimental procedures of your BB84 protocol do you find most remarkable and why? Which is definitely not my specialty. I am a theoretical computer scientist, with some knowledge of theoretical physics but almost none on experimental physics. Despite the above, I can answer. In my opinion, the most remarkable experimental realization is the Chinese implementation through their satellite Micius, which culminated with a famous video call between the presidents of the academies of sciences of Austria and China in September 2017 (don’t quote me on the date, which I simply recalled in my head). The Chinese backbone that links Shanghai to Beijing is also remarkable. Furthermore, I am impressed by the commercial success of idQuantique (also known simply as IDQ), based in Geneva.

Do you believe that quantum cryptography can be used as a tool for the better understanding of quantum physics as a scientific theory? For example, helping in answering the question of information being the ultimate nature of reality, such as Zeilinger’s view of each atom of reality being the response to a single question. [19] Absolutely. It has already been the driver in addressing never-before asked questions that are nevertheless fundamental outside cryptography. For instance, what is the tradeoff between gaining information on a quantum state by the most general measurements (POVMs) and the procedure amount of disturbance caused by that measurement.

I agree that information is the ultimate nature of reality. Have you read my paper  Is infor- mation the key?  (Nature Physics, Vol. 1, no. 1, pp. 2 – 4, October 2005) [20]? However, I don’t see a connexion between this statement and BB84. Perhaps with entanglement-based QKD protocols, but I don’t see it right away. [Regarding Zeilinger´s theory] Interesting. I had not heard of this. I’ll try to remember asking him about it next time we meet... after the pandemic is over!

Could quantum cryptography be threatened if we found a more general theory that would undermine quantum physics and turn it into that of a limit? If quantum theory is very wrong, which is not impossible, the proofs of security for BB84 are no longer valid. Some quantum crypto might still survive, but it’s beyond current technology to implement it. I’m thinking of the ultimate version of device-independent QKD in which the proof

11 of security dependsRevenues from Quantum only Key on Distribution the to no-signalling Reach Almost $850 Million principle, by 2025 which is somewhat independent20-08-14 of17)00 quantum theory. It is true thatRevenues finding from aQuantum way to Key break Distribution BB84 orto Reach some Almost other $850 QKD Million protocols by 2025 could lead to major discoveries on what’s wrong (if anything is) with quantum theory. But of course, this would have "Inside Quantum Technology" 11 août 2020 08:59 to be an attackÀ: [email protected] on ideal protocols, not on implementations.

Do you believe that quantum cryptography will ever become a common-use technology? I think it may happen once quantum computers cause havoc in the current cryptographic infras- tructure. Unfortunately, people often need a major upset before inertia can be overcome. Think of climate change as a more spectacular (and more threatening) situation. Revenues from Quantum Key Distribution to Reach Almost The enclosed chart predict more than four billion dollars  Markets from Quantum Key Dis- $850 Million by 2025 tribution systemsRevenues by End from Quantum Users Key Distribution toby Reach 2029.Almost $850 Million I don’t by 2025 know how serious this is,20-08-14 but 17)00 it’s encouraging... August 6, 2020 Revenues from Quantum Key Distribution to Reach Almost $850 Million by 2025

"InsideNew Quantum York, Technology" New York: According to a new report from Inside Quantum11 août 2020 08:59 À: [email protected] (www.insidequantumtechnology.com), the worldwide market for Quantum Key Distribution (QKD) will near $850 million in 2025 and then go on to around $4.0 million by 2029. QKD is a technique that ensures perfect security on a transmission line, guaranteed by the laws of quantum mechanics.

Revenues from Quantum Key Distribution to Reach Almost $850 Million by 2025

August 6, 2020

New York, New York: According to a new report from Inside Quantum Technology (www.insidequantumtechnology.com), the worldwide market for Quantum Key Distribution (QKD) will near $850 million in 2025 and then go on to around $4.0 million by 2029. QKD is a technique that ensures perfect security on a transmission line, guaranteed by the laws of quantum mechanics.

https://mail.iro.umontreal.ca/ Page 1 sur 4 What do you think is the next step in the study and development of quantum cryptography? There are so many exciting directions. I can’t choose one in particular.

6 Conclusions https://mail.iro.umontreal.ca/ Page 1 sur 4 Cryptography is a relevant example of emerging quantum technologies. A key point is that it has been demonstrated that a truly secure communication can only occur in a world ruled by the quantum theory, being an immediate consequence of the most fundamental concepts and principles. In other words, quantum cryptography is not a further step in the natural development of preceding technologies. This is something absolutely and radically new.

12 We may say that these new technologies can only be developed by physicists because they are bound to the most intimate knowledge of reality, as all the technical applications of quantum physics are immediately linked to its most fundamental concepts. Vice versa, as Prof. Brassard told us, quantum cryptography can be actually used as a tool for the better understanding of quantum physics and the nature of reality, addressing never-before asked questions that are fundamental outside cryptography. In this regard we may note that out of all the different fields of physics, optics is the most crucial when it comes to the study of the quantum world. Optics studies the properties and behavior of light, quantum optics can be described as the application of quantum mechanics to the study of light or photons, as all the experiments reported in this work clearly demonstrate. With the amount of research groups working toward the bettering of more convenient quantum computers, the expanding of more efficient instruments and the overcoming the overall challenges, we can expect a promising future in the field of Quantum Cryptography, hoping that it will even- tually become a technology accessible to anyone, as well as a theoretical and practical laboratory for a further development of the quantum theory. As a matter of fact this is a technology already available for commercial purposes by companies such as MagiQ (implementing BB84 protocol) [21] and IDQuantique (implementing coherent one-way protocol, as a kind of combination of the BB84 and orthogonal-states protocols) [22] that have implemented and brought to commercial use quantum key distribution systems [23], although its true level of security has been questioned [24].

7 Appendix

[A] Caesar Cipher This cipher created during the Roman Empire consists on replacing each letter of the message wanting to be sent with another one that is a specific number of positions further down the alphabet.

[B] Heisenberg’s Uncertainty Principle Introduced by Werner Heisenberg in 1927, this principle reads that it is not possible to know the two conjugate properties of a quantum system simultaneously with certainty. [25] It was originally explained with the momentum and position of a particle, but in the field of quantum cryptography the properties to be measured are the polarization of photons in different non-orthogonal bases.

[C] EPR Paradox and Quantum Entanglement Paradox introduced by Albert Einstein, Boris Podolsky and Nathan Rosen in their 1935 paper ”Can Quantum-Mechanical Description of Physical Reality be considered Complete?”. [26] This paradox consists in an imaginary experiment used for explaining that quantum physics is an incomplete theory and it does not provide an outright description of physical reality. This layout describes quantum particles as having some properties, later named ”hidden variables”, that are not described within quantum theory, this way the randomness of quantum physics is due to the lack of knowledge about these properties. In this paper they introduce the concept of entanglement, as their thought scenario requires a pair of entangled particles, but they do not give it a name nor develop a theory on it. Erwin Schr¨odingersent a letter to Einstein using the word ”entanglement” for the first time.

13 Quantum entanglement between two or more particles means that it is impossible to describe one’s quantum state without taking into account the state of the others. Even if the entangled particles are separated by a large distance, when measuring a property of one of them the outcome will be that the opposite state will be observed in the other one immediately.

[D] Bell’s Theorem Formulated in 1964 by physicist John Stewart Bell in his paper ”On the Einstein, Podolsky, Rosen Paradox” [27], it states that local hidden variable theories are incompatible with the statistical predictions of quantum mechanics. Local hidden-variable theories refer to the thought that the probabilistic nature of quantum mechanics is due to the existence of these inaccessible variables. In this context it is fundamental because the inexistence of these hidden variables guarantees that no one can predict Alice or Bob’s measurements.

[E] RSA Algorithm Bob chooses two large prime numbers (p and q) and publicly reveals their product (N) along with another number (c), which is in no way related to the original two numbers. Alice then encrypts her message using N and c, having to know the values of p and q to decode it; only Bob knows them. Factorizing N in order to find p and q will take a long time and hence the message will stay secret until the prime numbers are calculated. [7]

[F] No-cloning theorem Theorem published in 1982 by William Wootters, Wojciech H. Zurek and Dennis Dieks, explaining that it is impossible to make an identical copy of a single quantum state that is unknown, because of the linear nature of quantum mechanics. [28] This theorem is extremely helpful in the area of quantum cryptography because it helps prevent eavesdropping and therefore preserve privacy. Eve tries to make a copy of the photons sent by Alice in order to find out what the message being sent is, she also wants to send the copied photons to Bob so that she can stay undetected. This cannot happen, because of the no-cloning theorem. For example, if her copying device is able to copy the diagonal polarization states, it will not succeed in copying the vertical and horizontal states. This way, Alice and Bob will be able to detect her presence after just comparing their bit strings. It is important to take into account that only the non-orthogonal states are impossible to clone, this is why they are used for quantum communication instead of orthogonal states.

[G] Bit A bit, short for binary digit, is the smallest unit of storage, it can only be in two possible states, 0 and 1. Analogous to this, the unit used in quantum information science is the qubit (quantum bit), it can be in both states at the same time. [8]

[H] Mach-Zehnder Interferometer Interferometer created by Ludwig Mach and Ludwig Zehnder, consisting of two beam splitters. The light splits in the first one and is recombined in the second one. [29]

14 [I] Parametric Down Conversion Optical process that follows a photon splitting into two other photons with energies lower than that of the original one. [30]

[J] Quantum Bit Error Rate Gives information about the presence of an eavesdropper by calculating the fraction of errors in the key. [8]

[K] Spaceborne Quantum Photon Source Developed by researchers at the Fraunhofer Institute for Applied Optics and Precission Engineering IOF in Jena, Germany; this photon source is able to emit 300000 of pairs of entangled photons per second by hitting a nonlinear crystal with a laser light, provoking parametric down conversion. This pairs of photons will be used for encoding information, given that they will stay entangled even if they are vastly separated. [31]

[L] Rayleigh Scattering Type of scattering caused by particles with a diameter smaller than the wavelength of the radiation they are interacting with (light). Seen in atmospheric gases, it is what makes the sky blue. [32]

[M] Mie Scattering Type of scattering caused by particles with a diameter larger, but not much bigger, than the wavelength of the radiation they are interacting with (light). Mainly caused by water droplets, dust, etc. [32]

8 Bibliography

References

[1] Definition of Cryptography: https://dictionary.cambridge.org/dictionary/english/ cryptography

[2] Simmons G. J. Cryptology. Encyclopedia Britannica (2016). https://www.britannica.com/ topic/cryptology

[3] Bennett C, Brassard G. Quantum cryptography: Public key distribution and coin tossing. Theoretical Computer Science Volume 560, Part 1, Pages 7-11 (2014).

[4] Ekert A. Quantum cryptography based on Bell’s theorem. Phys. Rev. Lett. 67, 661-663 (1991).

[5] Bennett C, Brassard G, Ekert A. Quantum Cryptography. Scientific American, Vol. 267, No. 4, pp. 50-57 (1992).

[6] Brassard G. Brief History of Quantum Cryptography: A Personal Perspective. IEEE Informa- tion Theory Workshop on Theory and Practice in Information-Theoretic Security (2005).

[7] Scarani V, Lynn C, Shi Yang L. (2010). Six Quantum Pieces: A First Course in Quantum Physics. Singapore: World Scientific.

15 [8] Hjelme D, Lydersen L, Makarov V. Chapter 5. Quantum cryptography. arXiv preprint arXiv:1108.1718v1 (2011).

[9] Moskowitz C. Quantum Entanglement Creates New State of Matter. Sci- entific American (2014). https://www.scientificamerican.com/article/ quantum-entanglement-creates-new-state-of-matter1/

[10] Brassard G, L¨utkenhaus N, Mor T, Sanders B. Limitations on practical quantum cryptography. Phys. Rev. Lett. 85, 1330-1333 (2000).

[11] Goldenberg L, Vaidman L. Quantum Cryptography Based on Orthogonal States. Phys. Rev. Lett. 75, 1239-1243 (1995).

[12] Avella A, Brida G, Degiovanni I, Genovese M, Gramegna M, Traina P. Experimental quantum- cryptography scheme based on orthogonal states. Phys. Rev. A 82, 062309 (2010).

[13] Peres A. Quantum Cryptography with Orthogonal States? Phys. Rev. Lett. 77, 3264 (1996).

[14] Massa F, Yadav P, Moganaki A, Krawek W, Mateus P, Paunkovi´cN, Souto A, Walther P. Experimental Quantum Cryptography with Classical Users. arXiv preprint arXiv:1908.01780v1 (2019).

[15] Liao S, Cai W, Handsteiner J, Liu B, Yin J, Zhang L, Rauch D, Fink M, Ren J, Liu W, Li Y, Shen Q, Cao Y, Li F, Wang J, Huang Y, Deng L, Xi T, Ma L, Hu T, Li L, Liu N, Koidl F, Wang P, Chen Y, Wang X, Steindorfer M, Kirchner G, Lu C, Shu R, Ursin R, Scheidl T, Peng C, Wang J, Zeilinger A, Pan J. Can. Satellite-Relayed Intercontinental Quantum Network. Phys. Rev. Lett. 120, 030501 (2018).

[16] Yin J, Cao Y, Li Y, Liao S, Zhang L, Ren J, Cai W, Liu W, Li B, Dai H, Li G, Lu Q, Gong Y, Xu Y, Li S, Li F, Yin Y, Jiang Z, Li M, Jia J, Ren G, He D, Zhou Y, Zhang X, Wang N, Chang X, Zhu Z, Liu N, Chen Y, Lu C, Shu R, Peng C, Wang J, Pan J. Satellite-based entanglement distribution over 1200 kilometers. Yin et al., Science, 356, 1140–1144 (2017).

[17] Liao S, Yong H, Liu C, Shentu G, Li D, Lin J, Dai H, Zhao S, Li B, Guan J, Chen W, Gong Y, Li Y, Lin Z, Pan G, Pelc J, Fejer M, Zhang W, Liu W, Yin J, Ren J, Wang X, Zhang Q, Peng C, Pan J. Long-distance free-space quantum key distribution in daylight towards inter-satellite communication. Nature Photonics 11, 509-513 (2017).

[18] Biography of Gilles Brassard: https://www.uottawa.ca/president/people/brassard-gilles

[19] Zeilinger A. A Foundational Principle for Quantum Mechanics. Foundations of Physics 29, 631–643 (1999).

[20] Brassard G. Is information the key? Nature Physics 1, 2-4 (2005).

[21] About MagiQ: https://www.magiqtech.com/solutions/network-security/

[22] About IDQuantique: https://www.idquantique.com/

[23] Pljonkin A, Singh P. The review of the commercial quantum key distribution system. PDGC 2018 - 2018 5th International Conference on Parallel, Distributed and Grid Computing, 795-799 (2018).

16 [24] Lydersen L, Wiechers C, Wittmann C, Elser D, Skaar J, Makarov V.Hacking commercial quantum cryptography systems by tailored bright illumination. Nature Photonics 4, 686-689 (2010).

[25] Heisenberg W. Uber¨ den anschaulichen Inhalt der quantentheoretischen Kinematik und Mechanik (About the descriptive content of quantum theoretical kinematics and mechanics). Zeitschrift f¨urPhysik 43, 172–198 (1927).

[26] Einstein E, Podolsky B, Rosen N. Can Quantum-Mechanical Description of Physical Reality Be Considered Complete? Phys. Rev. 47, 777-780 (1935).

[27] Bell J. S. On the Einstein Podolsky Rosen paradox. Physics Physique Fizika 1, 195-200 (1964).

[28] Wootters W, Zurek W, Alamos L. The No-Cloning Theorem. Physics Today 62, 2, 76 (2009).

[29] Zetie K, Adams S, Tocknell R. How does a Mach-Zehnder interferometer work? Physics Education 35(1), 46-48 (2000).

[30] Couteau C. Spontaneous parametric down-conversion. arXiv preprint arXiv:1809.00127v1 (2018).

[31] About Spaceborne photon source: https://phys.org/news/2018-10-space-borne-quantum-source.html

[32] Lockwood D.J. Rayleigh and Mie Scattering. Encyclopedia of Color Science and Technology. Springer, New York, NY. (2006).

[33] Lomonaco S. A quick glance at quantum cryptography. Cryptologia 23(1), 1-41 (1999).

[34] Pirandola S, Andersen U, Banchi L, Berta M, Bunandar D, Colbeck R, Englund D, Gehring T, Lupo C, Ottaviani C, Pereira J, Razavi M, Shaari J, Tomamichel M, Usenko V, Vallone G, Villoresi P, Wallden P. Advances in quantum cryptography. Advances in Optics and Photonics 12(4), 1012-1236 (2020).

17