We describe results from an apparatus and protocol designed to implement quantum key distribution, by which two users, who share no secret information initially: (1) exchange a random quantum transmission, consisting of very faint flashes of polarized light; (2) by subsequent public discussion of the sent and received versions of this transmission estimate the extent of eavesdropping that might have taken place on it, and finally (3) if this estimate is small enough, distill from the sent and received versions a smaller body of shared random information, which is certifiably secret in the sense that any third party's expected information on it is an exponentially small fraction of one bit. Because the system depends on the uncertainty principle of quantum physics, instead of the usual mathematical assumptions such as the difficulty of factoring, it remains secure against an adversary with unlimited computing power.
Bengio, S., G. Brassard, Y. Desmedt, C. Goutier, and J.-J. Quisquater, Secure implementation of identification systems, Journal of Cryptology, Vol. 4, no. 3, 1991, pp. 175–183.
Bennett, C. H. and G. Brassard, An update on quantum cryptography, Advances in Cryptology: Proceedings of Crypto '84, August 1984, Springer-Verlag, New York, pp. 475–480.
Bennett, C. H. and G. Brassard, Quantum cryptography: Public key distribution and coin tossing, Proceedings of IEEE International Conference on Computers, Systems, and Signal Processing, Bangalore, India, December 1984, pp. 175–179.
Bennett, C. H. and G. Brassard, Quantum public key distribution system, IBM Technical Disclosure Bulletin, Vol. 28, 1985, pp. 3153–3163.
Bennett, C. H. and G. Brassard, The dawn of a new era for quantum cryptography: The experimental prototype is working!, Sigact News, Vol. 20, no. 4, Fall 1989, pp. 78–82.
Bennett, C. H., G. Brassard, and S. Breidbart, Quantum cryptography II: How to re-use a one-time pad safely even if P=N P, unpublished manuscript available from the authors, November 1982.
Bennett, C. H., G. Brassard, S. Breidbart, and S. Wiesner, Quantum cryptography, or unforgeable subway tokens, Advances in Cryptology: Proceedings of Crypto '82, August 1982, Plenum, New York, pp. 267–275.
Bennett, C. H., G. Brassard, C. Crépeau, and M.-H. Skubiszewska, Practical quantum oblivious transfer, Advances in Cryptology—Crypto '91 Proceedings (to appear).
Bennett, C. H., G. Brassard, C. Crépeau, and U. M. Maurer, Privacy amplification against probabilistic information, in preparation.
Bennett, C. H., G. Brassard, and N. D. Mermin, Quantum cryptography without Bell's theorem and without Einstein-Podolsky-Rosen states, Physical Review Letters (to appear).
Bennett, C. H., G. Brassard, and J.-M. Robert, How to reduce your enemy's information, Advances in Crytology—Crypto '85 Proceedings, August 1985, Springer-Verlag, New York, pp. 468–476.
Bennett, C. H., G. Brassard, and J.-M. Robert, Privacy amplification by public discussion, SIAM Journal on Computing, Vol. 17, no. 2, April 1988, pp. 210–229.
Brassard, G., Modern Cryptology: A Tutorial, Lecture Notes in Computer Science, Vol. 325, Springer-Verlag, Heidelberg, 1988.
Brassard, G. and C. Crépeau, Quantum bit commitment and coin tossing protocols, Advances in Cryptology—Crypto '90 Proceedings (to appear).
Brickell, E. F. and A. M. Odlyzko, Cryptanalysis: A survey of recent results, Proceedings of the IEEE, Vol. 76, no. 5, May 1988, pp. 578–593.
Crépeau, C., Correct and private reductions among oblivious transfers, PhD Thesis, Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, February 1990.
Crépeau, C. and J. Kilian, Achieving oblivious transfer using weakened security assumptions, Proceedings of 29th IEEE Symposium on the Foundations of Computer Science, White Plains, New York, October 1988, pp. 42–52.
Deutsch, D., Quantum communication thwarts eavesdroppers, New Scientist, 9 December, 1989, pp. 25–26.
Ekert, A., Quantum cryptography based on Bell's theorem, Physical Review Letters, Vol. 67, no. 6, August 1991, pp. 661–663.
Gottlieb, A., Conjugal secrets—The untappable quantum telephone, The Economist, Vol. 311, no. 7599, 22 April 1989, p. 81.
Impagliazzo, R. and D. Zuckerman, How to Recycle Random Bits, Proceedings of 30th IEEE Symposium on the Foundations of Computer Science, Research Triangle Park, North Carolina, October 1989, pp. 248–253.
Léger, C., personal communication.
Peterson, I., Bits of uncertainty: Quantum security, Science News, Vol. 137, 2 June 1990, pp. 342–343.
Robert, J.-M., Détection et correction d'erreurs en cryptographie, Masters Thesis, Département d'informatique et de recherche opérationnelle, Université de Montréal, Montréal (Québec), Canada, 1985.
Wallich, P., Quantum cryptography, Scientific American, Vol. 260, no. 5, May 1989, pp. 28–30.
Wegman, M. N. and J. L. Carter, New hash functions and their use in authentication and set equality, Journal of Computer and System Sciences, Vol. 22, 1981, pp. 265–279.
Wiesner, S., Conjugate coding, manuscript written circa 1970, unpublished until it appeared in Sigact News, Vol. 15, no. 1, 1983, pp. 78–88.
This paper was accepted prior to the present Editor-in-Chief taking responsibility. A preliminary version of this paper was presented at Eurocrypt '90, May 21–24, Århus, Denmark, and has appeared in the proceedings, pp. 253–265. François Bessette was supported in part by an NSERC Postgraduate Scholarship. Gilles Brassard was supported in part by Canada's NSERC. This work was performed while John Smolin was visiting IBM Research.
About this article
Cite this article
Bennett, C.H., Bessette, F., Brassard, G. et al. Experimental quantum cryptography. J. Cryptology 5, 3–28 (1992). https://doi.org/10.1007/BF00191318
- Key distribution
- Polarized light
- Privacy amplification
- Public discussion
- Quantum cryptography
- Reconciliation protocols
- Uncertainty principle
- Unconditional security