Journal of Cryptology

, Volume 5, Issue 1, pp 3–28 | Cite as

Experimental quantum cryptography

  • Charles H. Bennett
  • François Bessette
  • Gilles Brassard
  • Louis Salvail
  • John Smolin


We describe results from an apparatus and protocol designed to implement quantum key distribution, by which two users, who share no secret information initially: (1) exchange a random quantum transmission, consisting of very faint flashes of polarized light; (2) by subsequent public discussion of the sent and received versions of this transmission estimate the extent of eavesdropping that might have taken place on it, and finally (3) if this estimate is small enough, distill from the sent and received versions a smaller body of shared random information, which is certifiably secret in the sense that any third party's expected information on it is an exponentially small fraction of one bit. Because the system depends on the uncertainty principle of quantum physics, instead of the usual mathematical assumptions such as the difficulty of factoring, it remains secure against an adversary with unlimited computing power.

Key words

Key distribution Polarized light Privacy amplification Public discussion Quantum cryptography Reconciliation protocols Uncertainty principle Unconditional security 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    Bengio, S., G. Brassard, Y. Desmedt, C. Goutier, and J.-J. Quisquater, Secure implementation of identification systems, Journal of Cryptology, Vol. 4, no. 3, 1991, pp. 175–183.Google Scholar
  2. [2]
    Bennett, C. H. and G. Brassard, An update on quantum cryptography, Advances in Cryptology: Proceedings of Crypto '84, August 1984, Springer-Verlag, New York, pp. 475–480.Google Scholar
  3. [3]
    Bennett, C. H. and G. Brassard, Quantum cryptography: Public key distribution and coin tossing, Proceedings of IEEE International Conference on Computers, Systems, and Signal Processing, Bangalore, India, December 1984, pp. 175–179.Google Scholar
  4. [4]
    Bennett, C. H. and G. Brassard, Quantum public key distribution system, IBM Technical Disclosure Bulletin, Vol. 28, 1985, pp. 3153–3163.Google Scholar
  5. [5]
    Bennett, C. H. and G. Brassard, The dawn of a new era for quantum cryptography: The experimental prototype is working!, Sigact News, Vol. 20, no. 4, Fall 1989, pp. 78–82.Google Scholar
  6. [6]
    Bennett, C. H., G. Brassard, and S. Breidbart, Quantum cryptography II: How to re-use a one-time pad safely even if P=N P, unpublished manuscript available from the authors, November 1982.Google Scholar
  7. [7]
    Bennett, C. H., G. Brassard, S. Breidbart, and S. Wiesner, Quantum cryptography, or unforgeable subway tokens, Advances in Cryptology: Proceedings of Crypto '82, August 1982, Plenum, New York, pp. 267–275.Google Scholar
  8. [8]
    Bennett, C. H., G. Brassard, C. Crépeau, and M.-H. Skubiszewska, Practical quantum oblivious transfer, Advances in Cryptology—Crypto '91 Proceedings (to appear).Google Scholar
  9. [9]
    Bennett, C. H., G. Brassard, C. Crépeau, and U. M. Maurer, Privacy amplification against probabilistic information, in preparation.Google Scholar
  10. [10]
    Bennett, C. H., G. Brassard, and N. D. Mermin, Quantum cryptography without Bell's theorem and without Einstein-Podolsky-Rosen states, Physical Review Letters (to appear).Google Scholar
  11. [11]
    Bennett, C. H., G. Brassard, and J.-M. Robert, How to reduce your enemy's information, Advances in Crytology—Crypto '85 Proceedings, August 1985, Springer-Verlag, New York, pp. 468–476.Google Scholar
  12. [12]
    Bennett, C. H., G. Brassard, and J.-M. Robert, Privacy amplification by public discussion, SIAM Journal on Computing, Vol. 17, no. 2, April 1988, pp. 210–229.Google Scholar
  13. [13]
    Brassard, G., Modern Cryptology: A Tutorial, Lecture Notes in Computer Science, Vol. 325, Springer-Verlag, Heidelberg, 1988.Google Scholar
  14. [14]
    Brassard, G. and C. Crépeau, Quantum bit commitment and coin tossing protocols, Advances in Cryptology—Crypto '90 Proceedings (to appear).Google Scholar
  15. [15]
    Brickell, E. F. and A. M. Odlyzko, Cryptanalysis: A survey of recent results, Proceedings of the IEEE, Vol. 76, no. 5, May 1988, pp. 578–593.Google Scholar
  16. [16]
    Crépeau, C., Correct and private reductions among oblivious transfers, PhD Thesis, Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, February 1990.Google Scholar
  17. [17]
    Crépeau, C. and J. Kilian, Achieving oblivious transfer using weakened security assumptions, Proceedings of 29th IEEE Symposium on the Foundations of Computer Science, White Plains, New York, October 1988, pp. 42–52.Google Scholar
  18. [18]
    Deutsch, D., Quantum communication thwarts eavesdroppers, New Scientist, 9 December, 1989, pp. 25–26.Google Scholar
  19. [19]
    Ekert, A., Quantum cryptography based on Bell's theorem, Physical Review Letters, Vol. 67, no. 6, August 1991, pp. 661–663.Google Scholar
  20. [20]
    Gottlieb, A., Conjugal secrets—The untappable quantum telephone, The Economist, Vol. 311, no. 7599, 22 April 1989, p. 81.Google Scholar
  21. [21]
    Impagliazzo, R. and D. Zuckerman, How to Recycle Random Bits, Proceedings of 30th IEEE Symposium on the Foundations of Computer Science, Research Triangle Park, North Carolina, October 1989, pp. 248–253.Google Scholar
  22. [22]
    Léger, C., personal communication.Google Scholar
  23. [23]
    Peterson, I., Bits of uncertainty: Quantum security, Science News, Vol. 137, 2 June 1990, pp. 342–343.Google Scholar
  24. [24]
    Robert, J.-M., Détection et correction d'erreurs en cryptographie, Masters Thesis, Département d'informatique et de recherche opérationnelle, Université de Montréal, Montréal (Québec), Canada, 1985.Google Scholar
  25. [25]
    Wallich, P., Quantum cryptography, Scientific American, Vol. 260, no. 5, May 1989, pp. 28–30.Google Scholar
  26. [26]
    Wegman, M. N. and J. L. Carter, New hash functions and their use in authentication and set equality, Journal of Computer and System Sciences, Vol. 22, 1981, pp. 265–279.Google Scholar
  27. [27]
    Wiesner, S., Conjugate coding, manuscript written circa 1970, unpublished until it appeared in Sigact News, Vol. 15, no. 1, 1983, pp. 78–88.Google Scholar

Copyright information

© International Association for Cryptologic Research 1992

Authors and Affiliations

  • Charles H. Bennett
    • 1
  • François Bessette
    • 2
  • Gilles Brassard
    • 2
  • Louis Salvail
    • 2
  • John Smolin
    • 3
  1. 1.IBM Research, Yorktown HeightsNew YorkUSA
  2. 2.Départment IROUniversité de MontréalMontréalCanada
  3. 3.Physics DepartmentUniversity of California at Los AnglesLos AngelesUSA

Personalised recommendations