Experimental quantum cryptography. (English) Zbl 1114.94005

Summary: We describe results from an apparatus and protocol designed to implement quantum key distribution, by which two users, who share no secret information initially: (1) exchange a random quantum transmission, consisting of very faint flashes of polarized light; (2) by subsequent public discussion of the sent and received versions of this transmission estimate the extent of eavesdropping that might have taken place on it, and finally (3) if this estimate is small enough, distill from the sent and received versions a smaller body of shared random information, which is certifiably secret in the sense that any third party’s expected information on it is an exponentially small fraction of one bit. Because the system depends on the uncertainty principle of quantum physics, instead of the usual mathematical assumptions such as the difficulty of factoring, it remains secure against an adversary with unlimited computing power.
A preliminary version was published in Advances in cryptology – EUROCRYPT ’90 (Aarhus, 1990, Lect. Notes Comput. Sci. 473, 253–265 (1991).


94A60 Cryptography
81P68 Quantum computation
Full Text: DOI


[1] Bengio, S.; Brassard, G.; Desmedt, Y.; Goutier, C.; Quisquater, J.-J., Secure implementation of identification systems, Journal of Cryptology, Vol. 4, no. 3, 175-183 (1991)
[2] Bennett, C. H.; Brassard, G., An update on quantum cryptography, Advances in Cryptology: Proceedings of Crypto ’84, 475-480 (1984), New York: Springer-Verlag, New York · Zbl 1359.81102
[3] Bennett, C. H. and G. Brassard, Quantum cryptography: Public key distribution and coin tossing, Proceedings of IEEE International Conference on Computers, Systems, and Signal Processing, Bangalore, India, December 1984, pp. 175-179. · Zbl 1306.81030
[4] Bennett, C. H.; Brassard, G., Quantum public key distribution system, IBM Technical Disclosure Bulletin, Vol. 28, 3153-3163 (1985)
[5] Bennett, C. H.; Brassard, G., The dawn of a new era for quantum cryptography: The experimental prototype is working!, Sigact News, Vol. 20, no. 4, 78-82 (1989)
[6] Bennett, C. H., G. Brassard, and S. Breidbart, Quantum cryptography II: How to re-use a one-time pad safely even if P=NP, unpublished manuscript available from the authors, November 1982. · Zbl 1404.81083
[7] Bennett, C. H.; Brassard, G.; Breidbart, S.; Wiesner, S., Quantum cryptography, or unforgeable subway tokens, Advances in Cryptology: Proceedings of Crypto ’82, 267-275 (1982), New York: Plenum, New York
[8] Bennett, C. H., G. Brassard, C. Crépeau, and M.-H. Skubiszewska, Practical quantum oblivious transfer, Advances in Cryptology—Crypto ’91 Proceedings (to appear).
[9] Bennett, C. H., G. Brassard, C. Crépeau, and U. M. Maurer, Privacy amplification against probabilistic information, in preparation. · Zbl 0856.94018
[10] Bennett, C. H., G. Brassard, and N. D. Mermin, Quantum cryptography without Bell’s theorem and without Einstein-Podolsky-Rosen states, Physical Review Letters (to appear). · Zbl 0969.94500
[11] Bennett, C. H.; Brassard, G.; Robert, J.-M., How to reduce your enemy’s information, Advances in Crytology—Crypto ’85 Proceedings, 468-476 (1985), New York: Springer-Verlag, New York
[12] Bennett, C. H.; Brassard, G.; Robert, J.-M., Privacy amplification by public discussion, SIAM Journal on Computing, Vol. 17, no. 2, 210-229 (1988) · Zbl 0644.94010
[13] Brassard, G., Modern Cryptology: A Tutorial (1988), Heidelberg: Springer-Verlag, Heidelberg · Zbl 0661.94010
[14] Brassard, G. and C. Crépeau, Quantum bit commitment and coin tossing protocols, Advances in Cryptology—Crypto ’90 Proceedings (to appear). · Zbl 0800.68415
[15] Brickell, E. F.; Odlyzko, A. M., Cryptanalysis: A survey of recent results, Proceedings of the IEEE, Vol. 76, no. 5, 578-593 (1988) · Zbl 0818.94014
[16] Crépeau, C., Correct and private reductions among oblivious transfers, PhD Thesis, Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, February 1990.
[17] Crépeau, C. and J. Kilian, Achieving oblivious transfer using weakened security assumptions, Proceedings of 29th IEEE Symposium on the Foundations of Computer Science, White Plains, New York, October 1988, pp. 42-52.
[18] Deutsch, D., Quantum communication thwarts eavesdroppers, New Scientist, 9 December, 1989, pp. 25-26.
[19] Ekert, A., Quantum cryptography based on Bell’s theorem, Physical Review Letters, Vol. 67, no. 6, 661-663 (1991) · Zbl 0990.94509
[20] Gottlieb, A., Conjugal secrets—The untappable quantum telephone, The Economist, Vol. 311, no. 7599, 81 (221989)
[21] Impagliazzo, R. and D. Zuckerman, How to Recycle Random Bits, Proceedings of 30th IEEE Symposium on the Foundations of Computer Science, Research Triangle Park, North Carolina, October 1989, pp. 248-253.
[22] Léger, C., personal communication.
[23] Peterson, I., Bits of uncertainty: Quantum security, Science News, Vol. 137, 342-343 (21990)
[24] Robert, J.-M., Détection et correction d’erreurs en cryptographie (1985), Montréal (Québec), Canada: Département d’informatique et de recherche opérationnelle, Université de Montréal, Montréal (Québec), Canada
[25] Wallich, P., Quantum cryptography, Scientific American, Vol. 260, no. 5, 28-30 (1989)
[26] Wegman, M. N.; Carter, J. L., New hash functions and their use in authentication and set equality, Journal of Computer and System Sciences, Vol. 22, 265-279 (1981) · Zbl 0461.68074
[27] Wiesner, S., Conjugate coding, manuscript written circa 1970, unpublished until it appeared in Sigact News, Vol. 15, no. 1, 1983, pp. 78-88.
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. It attempts to reflect the references listed in the original paper as accurately as possible without claiming the completeness or perfect precision of the matching.