In the future, our society and our lives will become even more reliant on networks, so it will be vital that information is transmitted quickly and safely. However, the rise of quantum computers, with their overwhelming computational capabilities, will pose a threat to the security of cryptographic communications. Hopes are high for quantum key distribution as a method of secure encrypted communication. According to information theory, quantum key distribution, which uses the principles of quantum mechanics, is an unbreakable form of encryption. Toshiba is leading the world in developing unique technologies for accelerating and stabilizing quantum key distribution.

In this running feature, we'll explain this technology over the course of several articles. In part 1, we'll be looking at the principles of quantum key distribution technology and the BB84 protocol.

Information and communication networks (hereafter referred to simply as "networks") have become an integral part of our daily lives. The processing of payments made using electronic money or credit cards, which we use every day, is performed through networks. More and more appliances are becoming smart appliances -- devices such as televisions, air conditioners, and vacuum cleaners that can be controlled using smartphones or upgraded through network connections. In the business sector, sensors are being used in industries such as manufacturing and agriculture to collect data so that it can be used to improve quality and raise productivity.

The use of the IoT is advancing in various fields, accelerating the rate at which the objects around us are connected by networks. Society is expected to grow even more reliant on networks in the future.

The security of the communications carried by these networks is vitally important. Networks carry all kinds of confidential information regarding individuals, companies, nations, and more. This information is protected using encryption so that it won't be leaked to any third parties along the way, where it could be used to cause tremendous harm.

Many cryptographic communication technologies use complex formulas. It takes a prodigious amount of time to crack this encryption using modern computers, so the security of the transmitted data is protected.

However, the arrival and rapid evolution of quantum computers is beginning to threaten that security.

Hopes are being pinned on quantum computers, with their overwhelming computation abilities, as devices that will transform society. Thanks to research being conducted around the globe, they are drawing closer to actual practical application. However, this research has also discovered that quantum computers may be able to instantly crack encryption which would take thousands or tens of thousands of years to crack using conventional computers.

The ability to easily crack the encryption used in communications creates the risk of valuable information being leaked. The rise of quantum computers threatens the security afforded by current cryptographic communication technologies.

Eyes are turning to quantum key distribution as a new technology that can ensure the security of communications.

In modern cryptographic communication, a secret key (cryptographic key) used for decryption is sent via the internet, etc., using an encryption algorithm. With quantum key distribution, however, the cryptographic key is sent down optic fibers using photons (light particles), the smallest possible unit of light. Unlike modern cryptographic communication, which is secure because of the large amount of time it would take to extract the hidden cryptographic key (decrypting the encryption), quantum key distribution uses the principles of quantum mechanics to unconditionally guarantee the security of the key. No matter how fast future computers may become, it will still be impossible for eavesdroppers to capture cryptographic keys during transmission (Fig. 1).

There are several quantum key distribution protocols. One of the foremost is the BB84(*)+ decoy-state protocol.

Toshiba has used this protocol to develop a solution that ensures secure communications.

Cryptographic key information (known as bit information) is composed of 1s and 0s. The BB84 protocol encodes this bit information as photon states, such as polarization and phase, and transmits it.

Let's look at how BB84 works when information is encoded using polarization. The transmitter selects the "sending basis" from two types of polarization: rectilinear and diagonal. The values 1 or 0 (bit information) are assigned to each of these sending bases. When the sending basis is rectilinear polarization, 1 is horizontal polarization and 0 is vertical polarization. When the sending basis is diagonal polarization, 1 is diagonal polarization sloping upward and 0 is diagonal polarization sloping downward. The transmitter selects the sending basis and bit information at random, performs polarization with one of the four possible polarization directions, and transmits the photons. The receiver selects one of the two types of polarization at random and receives the photons. The type of polarization used here is called the "measuring basis." When sending and receiving photons, the 1s and 0s received by the receiver only generate a cryptographic key with the correct bit information when the transmitter's and receiver's bases match  (Fig. 2).

For example, when both the transmitter and the receiver select the same basis (rectilinear polarization), the receiver uses a filter that passes horizontally polarized light, and the transmitter sends horizontally polarized light, which represents a 1, the photon passes through the filter and reaches the receiver. If, instead, it sends vertically polarized light, which represents a 0, the photon does not pass through the filter. In other words, the receiver determines if the transmitter sent horizontally or vertically polarized light based on whether the receiver received photons, and can therefore correctly determine if the transmitted information was a 1 or a 0.

If the bases of the transmitter and the receiver differ, such as if the transmitter uses diagonal polarization when it sends photons but the receiver uses a vertical polarization filter when receiving them, only some of the diagonally polarized light will pass through the filter. Photons are the smallest unit of light, and cannot be subdivided, so whether or not photons can pass through the filter will be random. If the receiver uses the reception of photons alone to determine bit information, it will receive a random string of 1s and 0s.

In other words, the correct bit information will only be received if the bases of the transmitter and the receiver match. If they do not, the received results will be random. After photons are sent and received, the basis information is compared between the transmitter and the receiver, and only the bit information for the matching bases is used to generate the cryptographic key.

Now let's look at how the BB84 protocol can be used to reliably detect eavesdroppers.

Reliably detecting eavesdropping makes it possible to create cryptographic keys only from bit information which is guaranteed not to have been intercepted. This ensures that communications are secure.

Because photons are the smallest unit of light and cannot be subdivided, if a photon is intercepted by an eavesdropper, the number of photons that reach the receiver will be reduced. Even if the eavesdropper attempts to resend as many photons as they intercept, since they do not know the transmission basis, they won't be able to consistently match the transmission bases selected by the transmitter. Furthermore, according to quantum mechanics, when a photon is observed, its state changes, so the photon returned by the eavesdropper will differ from the original photon.

Even if the bases of the transmitter and the receiver match, the receiver will experience bit mismatches, so the bit error rate (the likelihood of bit errors) will change, and they will know for certain that their communication is being intercepted.

As the explanation above shows, the principles of quantum mechanics guarantee the security of quantum cryptographic communication. However, implementation presents its own challenges. The light sources that are currently available probabilistically send multiple photons at once. If multiple photons containing the same bit information are sent out at the same time and only one of them is intercepted, the recipient would not be able to detect that eavesdropping had occurred.

This problem is solved by mixing in decoy signals. Decoy signals are special signals that do not contain bit information, but instead are used purely for detecting signal interception. The eavesdropper cannot tell them from photons bearing bit information, so even if they intercept single photons from groups of simultaneously sent photons, they will also receive decoy signal photons. These decoy signals make it possible to detect the presence of eavesdroppers.

Toshiba has augmented the BB84 + decoy-state protocol with several proprietary technologies to achieve high-performance quantum key distribution. For example, noise elimination technology is used to improve photon detection rates and massive matrix operation parallelization is used to generate cryptographic keys, accelerating key delivery speeds.

Using quantum key distribution in a practical environment also requires greater stability in both the sending and receiving of photons. Individual photons are extremely weak particles of light, so they are easily affected by factors such as the ambient temperature of the optic fibers that carry them or the vibration of the optic fibers themselves. These factors can change the phase or polarization of the light. If the photons undergo changes such as these, the bit information that reaches the receiver will not be accurate. That's why Toshiba is tackling this major challenge facing quantum key distribution by developing new technologies for continuously stabilizing transmissions.

Our goal is to combine these strengths with networking and platform technologies in the future, making Toshiba one of the key players in the quantum key distribution service market, market poised for massive growth.

In this article, the first of this ongoing series, we've looked at the principles of quantum key distribution technology and the BB84 protocol. In the next article, we will present the unique technologies that Toshiba has developed through two decades of research, which will play a vital role in the practical deployment of quantum key distribution.

* Bennett and Brassard, Proceedings of IEEE International Conference on Computers Systems and Signal Processing, pp 175-179, 1984.

• Quantum Key Distribution