Quantum key distribution: (3) Entanglement-based cryptography
Part of my Womanium Global Quantum Project
In 1991, Artur Ekert proposed a more secure protocol using an Einstein-Rosen-Podolsky (EPR) pair (i.e. entangled pair of particles) with a security test based on violating a Bell’s inequality.
Before discussing E91 (Ekert’s entanglement-based protocol), let’s discuss first the theories behind it.
Entanglement
When we consider Schrödinger’s famous gedankenexperiment, we think of the cat that is dead and alive. But now we need to think of both the cat and the poison flask as a bipartite system. If you blindly grabbed the cat from the box, checked it and found that it is dead, you will instantly know without looking at the poison flask that it is broken. In this scenario, we can say that the cat’s state (dead or alive) is entangled with the flask’s state (sealed/intact or open/broken). Note here that this relationship in our context is about correlation rather than causation.
Entanglement is a phenomenon when two (or more!) particles are linked, even when spatially separated, so that the measurement of a property of one particle determines with certainty the value of a property of the other particle. This makes the measurement process of the polarization of a photon for instance decides the polarization of another photon with which the first photon is entangled, no matter how far it is.
But what if we checked and found the cat alive and the flask intact, then we checked again and found the cat dead while the flask was still intact? Does not it mean that the cat’s state is correlated with another factor, like the insufficiency of air?
Can we still say that the cat is entangled with flask? (1)
Are they either entangled or non-entangled and nothing in between?* (2)
To know the answer, we should discuss an interesting property of entanglement.
CHSH inequality and monogamy
To explain the effects of entanglement, that incorrectly seemed to violate a fundamental physical fact**, EPR (1935) proposed local hidden variables responsible for the quantum effects. Later in 1964, John Stewart Bell formulated a theorem upper bounding the correlations that can be explained classically. That is, if the correlated measurements of two particles satisfied a Bell’s inequality, the system is governed by classical physics. If they violated the inequality, the system is governed by quantum physics.
In 1969, John Clauser (Nobel 2022), Michael Horne, Abner Shimony, and Richard Holt (collectively CHSH) formulated the CHSH inequality based on Bell’s inequality.
If the value of |S| exceeds 2, i.e. violates the inequality, then the correlation is explained by quantum entanglement.
The upper bound of |S| for classical systems is 2. Correlations resulting from quantum entanglement, on the other hand, give values larger than 2 and up to 2√2, at which the particles are called maximally entangled.
Coming back to our questions above, we can now say that particles are not just entangled or non-entangled. Entanglement falls in a range from 0, non-entangled, to 1, maximally entangled, which corresponds with the value of |S| = 2√2.
This answers question (1), but question (2). If a particle is correlated with another, can we say that it is entangled with a third particle?
The short answer is ‘No’. Entanglement is monogamous, in the sense that it limits the correlation particle A can have with particle C if A is entangled with B. If A & B are maximally entangled (i.e. |S| = 2√2), A (or B) cannot be correlated/entangled with C. So, the cat’s correlation with the air in the box negates the entanglement with the flask in this scenario.
Together with CHSH inequality, the monogamy of entanglement plays a crucial role in entanglement-based cryptography.
E91 — The first entanglement-based quantum protocol
Ekert used the entanglement phenomenon to guarantee more security by performing a test to find how much the adversary managed to access.
The dual-channel setting is used in this protocol as well, but Alice here receives photons like Bob instead of preparing and sending them. A source is used to generate pairs of entangled photons in the singlet state and send each party one photon of the pair over the quantum channel. Alice and Bob measure the polarization at random bases and then discuss the results over the classical channel as follows:
- Alice and Bob reveal their measurement bases (directions).
- They divide them into two groups: different bases and same bases.
- They announce the results of the measurement at the different bases to calculate the value S (This is what we call the Bell test).
Ideally, the result should match |S| = 2√2 to ensure full security, but entanglement is fragile and affected by other factors, so values near to 2√2 can be considered secure. The nearer the result is to |S| = 2√2, the less disturbance and less information Charlie can access.
In this case, the result of the measurement at the same directions (which were NOT announced publicly in the classical channel) are used to form the secure key.
It should be noted that Alice and Bob’s measurements at the same bases would be anticorrelated****, which means that they will be the opposite of each other. If Alice got 0 after interpreting the polarization, Bob gets 1. So one of them should flip the key they get to share one symmetric key (as discussed here)
4. If the value of S was significantly lower than 2√2, this compromises the security and could indicate that eavesdropping happened, so the protocol should be repeated.
E91 provides more security indeed, but it assumes that the devices are secure and flawless (will act exactly like the mathematical calculations and will not commit any errors). So, this security is called theoretical security and in practice the story is different.
To face this problem, Device-independent QKD (DI-QKD) and Measurement device-independent QKD (MDI-QKD) are proposed as alternative solutions. The next article will discuss these protocols and possible attacks.
*It should be noted that this is rather a simplified analogy that leaves out other factors and that quantum effects are not observed in macroscopic systems.
**There is a misconception that entanglement violates the speed of light, but in fact it does not. Knowing the measurement of the other particle on the other side of the universe instantly, does not mean communicating such information instantly. This cannot violate the speed of light.
*** E is the correlation between two particles, which is the probability that their measurements agree less the probability that they disagree. E= P(agree) — P(disagree)
The letters a, b, a’ and b’ refer to the rotation angles of qubits. In the case of the singlet state (an entangled state), E can be calculated without experimentation as E(a,b) = — cos (a — b).
Experimentally (using IBM Quantum if you are familiar with it), E is calculated as follows:
Where N is the number of coincidences categorized in ++, +-, -+ and — . If you used IBM Quantum to prepare a singlet state and measure the qubits at 2 angles of rotation around the y-axis for each qubit, you will get these results:
Here N++ = 13, N+ — = 423,N — + =568 , N — — =20
The graph below shows the experimental results I got using a real quantum computer via IBM Quantum to measure the correlations for a singlet state compared to the mathematical prediction using — cos (a — b).
Quite close!
**** Measurements of entangled particles are not necessarily opposite to each other. This is because Alice and Bob in this protocol uses the singlet state expressed below:
Opinions expressed here, if any, are solely my own and do not represent any entity’s views.
