
Multi photon quantum secure communication


DOCUMENT INFORMATION

Basic information

Title: Multi-photon Quantum Secure Communication
Authors: Pramode K. Verma, Mayssaa El Rifai, Kam Wai Clifford Chan
Institution: University of Oklahoma
Field: Electrical and Computer Engineering
Type: thesis
Year of publication: 2019
City: Norman, OK, USA
Pages: 226
File size: 5.83 MB

Structure

  • 1.1 Cryptography
    • 1.1.1 Short History
    • 1.1.2 Classical Cryptography Limitations
    • 1.1.3 Quantum Cryptography as a Solution
  • 1.2 Quantum Cryptography
  • 1.3 Quantum World
    • 1.3.1 Polarization Concept
    • 1.3.2 Quantum Cryptography
  • 1.4 Post-quantum Cryptography
    • 1.4.1 Lattice-Based Cryptography
    • 1.4.2 Multivariate Cryptography
    • 1.4.3 Hash-Based Cryptography
    • 1.4.4 Code-Based Cryptography
  • 1.5 Scope and Contributions of This Book
  • 1.6 Organization of This Book
  • 2.1 Basic Concepts in Quantum Information
    • 2.1.1 Quantum State and Qubit
    • 2.1.2 Multiple Qubits
    • 2.1.3 Qubit Operations
    • 2.1.4 Mixed States and Density Operators
    • 2.1.5 No-Cloning Theorem
    • 2.1.6 Quantum Measurement
  • 2.2 Quantum Theory of Photons
    • 2.2.1 Quantization of Electromagnetic Field
    • 2.2.2 Photon States
    • 2.2.4 Multi-photon Polarization States and Stokes
    • 2.2.5 Polarization Rotation and Mueller Matrices
  • 2.3 Summary
  • 3.1 Introduction
  • 3.2 Single Photon-Based QKD Protocols
    • 3.2.1 The BB84 Protocol
    • 3.2.2 The B92 Protocol
  • 3.3 Use of Weak Coherent States in QKD
    • 3.3.1 Photon-Number-Splitting Attack
    • 3.3.2 The SARG04 Protocol
    • 3.3.3 The Decoy-State Method
    • 3.3.4 The COW Protocol
  • 3.4 Entangled Photon-Based QKD Protocol
    • 3.4.1 Quantum Entanglement and Bell’s Inequality
    • 3.4.2 The E91 Protocol
  • 3.5 Challenges of Current Approaches of QKD
  • 3.6 Summary
  • 4.1 Introduction
  • 4.2 Keyed Communication in Quantum Noise (KCQ)
    • 4.2.1 KCQ Coherent-State Key Generation with Binary
    • 4.2.2 Current Experimental Status
    • 4.2.3 Comparison Between QKD and KCQ
  • 4.3 Security Analysis of KCQ
    • 4.3.1 Information-Theoretic (IT) Security
    • 4.3.2 Complexity-Theoretic (CT) Security
  • 4.4 Summary
  • 5.1 Introduction
  • 5.2 Principle of Operation
  • 5.3 Implementation of the Three-Stage Protocol Over
    • 5.3.1 Rotation Transformations
    • 5.3.2 Half Wave Plate Operation
  • 5.4 Summary
  • 6.1 Introduction
  • 6.2 The Multi-stage Protocol Polarization Hopping
    • 6.2.1 Comparison with Single-Photon Protocols
  • 6.3 Man-in-the-Middle Attack
  • 6.4 Key/Message Expansion Multi-stage Protocol
    • 6.4.1 Multi-stage Protocol Using an Initialization
    • 6.4.2 Operation of the Four-Variables Three-Stage
    • 6.4.3 Implementation of the Four-Variables Three-Stage
  • 6.5 Summary
  • 7.1 Introduction
  • 7.2 Background Knowledge
    • 7.2.1 Helstrom Discrimination
  • 7.3 Photon Number Splitting Attack (PNS)
    • 7.3.1 Helstrom Discrimination
    • 7.3.2 Fock States
  • 7.4 Trojan Horse Attack
  • 7.5 Hardware Countermeasures
  • 7.6 Conclusion
  • 8.1 Introduction
  • 8.2 Intercept-Resend (IR) and Photon Number Splitting (PNS) Attacks
  • 8.3 Authentication
  • 8.4 Amplification Attack
  • 8.5 Security and Key Rate Efficiency
  • 8.6 Summary
  • 9.1 Introduction
  • 9.2 IEEE 802.11i
    • 9.2.1 The Four-Way Handshake
  • 9.3 Integration of QKD for Key Distribution in IEEE 802.11i
    • 9.3.1 Disadvantages of the Approach Described to Integrate
  • 9.4 Hybrid Three-Stage Protocol
    • 9.4.1 Quantum Handshake Using the Three-Stage
    • 9.4.2 Quantum Handshake Using the Four-Variable Three-Stage Protocol
    • 9.4.3 Quantum Handshake Using the Single-Stage
    • 9.4.4 Hardware Implementation
  • 9.5 Software Implementation
    • 9.5.1 Multi-agent Approach in BB84
    • 9.5.2 Multi-agent Approach in Multi-photon Tolerant
    • 9.5.3 Analysis of the Quantum Handshake Using Three-Stage Protocol and Its Variants
  • 9.6 Summary
  • 10.1 Intrusion Detection and Encryption
  • 10.2 Tapping of Optical Fibers
  • 10.3 Polarization Properties of Light [1]
  • 10.4 Experimental Setup
  • 10.5 Experimental Results
  • 10.6 Real-Life Applications of the Intrusion Detection System
  • 10.7 Summary
  • 11.1 Symmetric Key Encryption
  • 11.2 The Advanced Encryption System
  • 11.3 A Review of the Polarization Properties of Light
  • 11.4 Polarization Transfer Function and Fiber Characterization
  • 11.5 The System
    • 11.5.1 Method of Implementation
  • 11.6 Experimental Results
  • 11.7 Data Rate and Calibration Time
  • 11.8 Summary
  • 12.1 Introduction
  • 12.2 Related Work
    • 12.2.1 Discrete Logarithms
    • 12.2.2 Contemporary Key Distribution Protocols
  • 12.3 The Proposed Protocol
    • 12.3.1 Multi-stage Protocol
    • 12.3.2 Man in the Middle Attack on Multi-stage
  • 12.4 Proposed Protocol Using an Initialization Vector and Its
    • 12.4.1 Description
    • 12.4.2 Mode of Operation
    • 12.4.3 A Two-Stage Protocol
    • 12.4.4 Braiding Concept
    • 12.4.5 Man in the Middle Attack on a Multi-stage Protocol
    • 12.4.6 Characteristics of the Proposed Protocol
  • 12.5 Alternatives to the Proposed Approach
    • 12.5.1 Alternative I — RSA
    • 12.5.2 Alternative II — AES
    • 12.5.3 Alternative III — ECC
  • 12.6 Summary

Content

Cryptography

Short History

The origins of cryptography date back to around 1900 B.C., when an Egyptian scribe inscribed a text using unconventional hieroglyphs in Menet Khufu, specifically on the tomb of Khnumhotep II. This early example of cryptography did not aim for secrecy; rather, it served to elevate the text's dignity. Only those with advanced education could decipher the hieroglyphs, making it accessible to a select few. Although this inscription is the oldest known instance of text transformation, its purpose was to embellish rather than to protect the content's privacy.

In 1500 B.C., ancient Assyrian merchants utilized intaglio, a flat stone featuring a collage of images and inscriptions, to identify themselves in trade transactions. This early form of identification is akin to what we now refer to as a "digital signature." Each intaglio was uniquely engraved, signifying that only the specific trader could produce their distinctive signature.

Between 500 and 600 B.C., Hebrew scribes utilized a reversed-alphabet substitution cipher called ATBASH while transcribing the book of Jeremiah. The term ATBASH is derived from the first, last, second, and second-to-last letters of the Hebrew alphabet (Aleph, Tav, Beth, Shin). This cipher functions by replacing each letter in the alphabet with its corresponding letter from the opposite end, effectively reversing the order of the alphabet. The equivalent ATBASH cipher for the Latin alphabet can be found in Table 1.1.

Table 1.1 ATBASH cipher of the Latin alphabet

Plaintext: ABCDEFGHIJKLMNOPQRSTUVWXYZ

In 487 B.C., the Greeks used a device named “skytale” to hide messages.

A skytale is an ancient encryption tool used for transposition ciphers, consisting of a cylinder wrapped with a leather strip on which a message is written. After encryption, the leather strip is removed and can be worn as a belt, with the recipient possessing a corresponding cylinder to decipher the message by re-wrapping the leather. Additionally, around 100–44 B.C., Julius Caesar implemented a simple substitution cipher to enhance communication with his generals, utilizing a three-position shift for encryption.

In Eq. (1.1), X is the alphabet number (e.g., X = 1 for A, X = 2 for B, etc.) and Y is the transformed alphabet. The letter A in the plaintext will thus map into D, and Z into C. This is a cipher that, while considered weaker than ATBASH, was effective during its introduction when literacy rates were low, making it sufficient to conceal the message's content.

Around 725–790 A.D., Abu `Abd al-Rahman al-Khalil ibn Ahmad al-Farahidi authored a now-lost book on cryptology, inspired by his successful solution of a Greek cryptogram for the Byzantine emperor. His approach utilized what is known today as the known plaintext attack, a cryptanalytic method that was later employed during World War II to decipher Enigma messages.

In 1379, at the request of Clement VII, Gabriel di Lavinde created a unique combination of substitution alphabets and small codes, known as the Vatican ciphers. These ciphers primarily utilized monoalphabetic techniques and incorporated "nulls," which are distinct cipher shapes that convey no meaning. The inclusion of nulls was a strategic move aimed at misleading cryptanalysts.

Gabrieli de Lavinde’s cipher register features numerous ciphers that include a nomenclator, which is a list of shapes used to represent entire words, blending elements of both ciphers and codes. The purpose of incorporating nomenclators in the 14th century remains uncertain, as it is unclear whether they were implemented for enhanced security, increased speed, or greater brevity.

In 1466, Leon Battista Alberti created the first polyalphabetic cipher, detailed in his treatise De Cifris. This innovative cipher utilized a device known as the Formula, which consists of two concentric disks, Stabilis (the larger disk) and Mobilis (the smaller one), attached by a common pin that allows them to rotate independently. Remarkably, this type of cipher remained unbroken until the 1800s.

In 1553, Giovan Batista Bellaso introduced the La Cifra De Sig, a revolutionary text autokey cipher that remained unbreakable for four centuries. He innovatively combined the Tabula Recta with a unique passphrase, separate from the encoded message, which made the cipher nearly impossible to decipher at the time.

Bellaso's method gained significant recognition over thirty years later when Blaise de Vigenère introduced it to King Henry III of France as the Autokey Cipher. Its resistance to cryptanalytic attacks led to its rapid popularity, resulting in the cipher being named after Vigenère. Today, the Tabula Recta is still referred to as the Vigenère Square in certain circles.

In 1563, Giovanni Battista Porta introduced the digraphic cipher in his publication on ciphers, classifying them into three primary categories: transposition, substitution, and symbol substitution. He also recommended using synonyms and intentional misspellings in plaintext messages to confuse cryptanalysts.

In 1586, French diplomat Blaise de Vigenère introduced a polyalphabetic cipher, enhancing the traditional Caesar cipher by shifting each letter of the alphabet by varying amounts. This method utilizes multiple Caesar ciphers in succession, guided by a table of alphabets for encryption. Later, in 1926, Lester S. Hill developed the Hill Cipher, a modern substitution cipher that further advanced cryptographic techniques.

The first practical polygraphic substitution cipher allows for the simultaneous operation on multiple symbols, significantly complicating frequency attacks by obscuring the frequency distribution of letters.

In 1623, Sir Francis Bacon developed the Baconian cipher, a method that combines steganography and substitution techniques. This bilateral cipher employs a 5-bit binary encoding system, where each letter of the plaintext is substituted with a group of five letters, either 'A' or 'B'. The encoding process follows the specific alphabet outlined in the Baconian cipher, as detailed in Table 1.2.

Classical Cryptography Limitations

Throughout history, the widespread use of encryption has been limited by key management challenges. Key management involves the secure administration of keys, ensuring users have access when needed. Traditionally, symmetric cryptography was employed, which allows for safe transmission of encrypted messages but presents difficulties in securely transferring keys to recipients. As the number of users in a network grows, the demand for keys increases exponentially. The advent of public-key cryptography has been crucial in addressing these key management issues, particularly for large-scale networks.

A significant advancement in cryptography is the development of public-key cryptosystems, which eliminates the necessity of using a single key for both encryption and decryption. This innovation enhances security and efficiency in data protection.

[5] With public-key cryptography, keys come in pairs of matched “public” and

Public-key cryptography involves a pair of keys: a public key that can be shared openly and a private key that must remain confidential to its owner. Operations such as encryption performed with the public key can only be reversed using the corresponding private key. Before the advent of public-key cryptography, managing keys in large-scale networks was nearly unfeasible. Despite its advantages, public-key cryptography does not fully resolve the key management challenges.

Public key cryptography relies on one-way functions, which are mathematical functions that can be easily computed in one direction but are challenging to reverse. The strength of a one-way function is indicated by the time required to compute its inverse; if this time increases exponentially with the input size, the function is considered robust. The security of these cryptographic systems is fundamentally based on this principle.

(1) They have withstood the test of time since there is no published algorithm that will provide a shortcut to breaking the cipher.

As computing power continues to grow, a cipher deemed secure today may become vulnerable in the future. This underscores the necessity for ongoing enhancements to cryptographic algorithms, ensuring they are adaptable to evolving technological landscapes.

Popularly used asymmetric key encryption algorithms include El Gamal, RSA, and Rabin [26, 27].

Quantum Cryptography as a Solution

The shortcomings of classical cryptography can be stated as follows:

The security of one-way functions lacks a mathematical proof, leaving them potentially vulnerable to future advancements in algorithms that could efficiently invert these functions. Additionally, as computing power continues to grow, the risk of successful brute-force attacks on cryptographic systems relying on one-way functions also increases.

The security of cryptographic keys during their generation and transmission cannot be fully assured. This applies equally to keys that are randomly selected from an appropriately defined set of values and to those generated through a specific function.

(3) Once a cipher has been compromised, there is no obvious method by which the participants in the secure communication can determine that a breach has occurred [28].

Researchers are increasingly focused on enhancing security measures in response to vulnerabilities in conventional cryptographic systems. A notable example is Grover’s quantum database search algorithm, which dramatically reduces the time required to solve the unsorted database search problem from O(N) for classical computers to O(√N), where N represents the number of entries in the database.

Quantum Cryptography, initially proposed in 1970 and published in 1983, aims to address secure key distribution challenges. The first protocol for this innovative technology was introduced in a 1984 paper by Bennett and Brassard. As a result, it is commonly referred to as Quantum Key Distribution (QKD) or Quantum Key Exchange, highlighting its focus on secure communication methods.

The basics of the quantum key distribution rest on two main principles: the Heisenberg uncertainty principle and the no-cloning theorem [16, 24].

Quantum Cryptography

Modern cryptographic systems utilize both symmetric and asymmetric cryptography, where public key cryptography facilitates key distribution, and symmetric encryption secures message encoding and decoding. The effectiveness of these systems relies on robust one-way functions, yet their strength remains unproven. Additionally, the potential of quantum computers to employ efficient factorization algorithms poses a significant threat to asymmetric encryption schemes, rendering current cryptographic techniques vulnerable. Moreover, emerging cryptanalysis methods could retroactively compromise past applications, highlighting the urgent need for enhanced security measures in cryptography.

In the past two decades, quantum physics has revolutionized cryptography through the emergence of quantum cryptography, which utilizes the principles of quantum mechanics to ensure unconditionally secure data transmission. Primarily focused on key distribution, this innovative approach is known as Quantum Key Distribution (QKD). The following section will delve deeper into the concepts of quantum cryptography and QKD.

Quantum World

Polarization Concept

Photons, renowned as the primary carriers of quantum bits, possess a fundamental characteristic known as polarization. This article will provide a brief overview of polarization and its significance in the realm of quantum cryptography.

Light is an electromagnetic wave that travels through a medium, consisting of photons and characterized by perpendicular electric and magnetic fields. It demonstrates polarization, allowing us to focus on either the electric or magnetic field component, as they are interrelated. Typically, discussions about the polarization state of light emphasize the electric field.

Light can be classified as polarized or unpolarized. Polarized light is characterized by the orientation of its electric field vector in a plane that is perpendicular to its direction of travel. This polarization can take various forms, including linear polarization, circular polarization, or elliptical polarization, which represents a combination of the two.

In quantum mechanics, the polarization of photons can be represented using linear orthogonal axes, with a vertically polarized photon denoted as |V⟩ and a horizontally polarized photon as |H⟩. The general state of polarization is expressed in Dirac notation as |ψ⟩ = aV|V⟩ + aH|H⟩, where aV and aH are the probability amplitudes. Importantly, the condition |aV|² + |aH|² = 1 ensures that the polarization state is represented by a unit vector, encapsulating the fundamental properties of photon polarization.

Any two orthogonal polarizations create a basis for photon polarization representation. For instance, linearly polarized photons oriented along the diagonals can be expressed using this basis.

In conventional quantum cryptography, we mainly use two bases: the (+) or rectilinear basis, which is the {|H⟩, |V⟩} basis, and the (×) or diagonal basis, which is the {|π/4⟩, |−π/4⟩} basis.

Photons are fully polarized and can exhibit linear, circular, or elliptical polarization states. To generate a stream of horizontally polarized photons, we can use a horizontal polarizing filter. When we measure the polarization of these photons with a second filter, we observe that no photons pass through if the filter is oriented vertically; however, some photons will pass through when the filter is positioned at other angles.

Quantum physics dictates that each photon in a stream has a specific probability of passing through a measurement filter, which is influenced by the filter's orientation and ranges from 0 to 1. For instance, when light is horizontally polarized, photons have a probability of 1 to pass through a horizontally positioned filter. However, this probability decreases to 1/2 at a 45-degree angle and drops to 0 when the filter is positioned vertically.

Quantum Cryptography

Quantum cryptography, specifically quantum key distribution (QKD), utilizes the principles of physics to ensure completely secure information transfer between a sender, Alice, and a receiver, Bob. This process allows them to share a random secret key for encryption and authentication, offering unconditional security that surpasses traditional methods reliant on computational complexity. The initial implementation of QKD was established through the BB84 protocol.

In 1984, Bennett and Brassard introduced the BB84 protocol, highlighting that quantum states are more effective for information exchange than for storage. This concept builds on Stephen Wiesner's 1970 proposal of Quantum Money, which suggested creating bank notes that are impossible to forge by assigning a series of isolated two-state quantum markers along with a unique serial number to each note.

In a hypothetical scenario, bank notes are linked to photons that exhibit one of four polarization states: 0°, 45°, 90°, and 135°. These states represent a two-state system within two distinct bases: the rectilinear basis, which includes polarization states at 0° and 90° to the vertical, and the diagonal basis, which encompasses states at 45° and 135° to the vertical.

The bank maintains a record of all polarizations and their corresponding serial numbers, with the serial numbers printed on banknotes and the polarization states kept confidential. This allows the bank to verify polarizations without causing any disturbance, a capability that counterfeiters lack. Although Wiesner's proposed system is impractical, its foundational concept has inspired the development of various Quantum Key Distribution protocols currently in use.

In addition to the BB84 protocol, several alternatives have been proposed, including B92, the six-state protocol, BBM92, and SARG04. Quantum Key Distribution (QKD) requires both a quantum and a classical channel, necessitating a pre-established method for the communicating parties to authenticate each other. Unconditionally secure classical authentication schemes, such as the Wegman-Carter authentication scheme, exist to facilitate this process. QKD, along with other quantum mechanics-based protocols, addresses security challenges that classical methods cannot solve, highlighting the need for QKD-based cryptographic systems.

Quantum Key Distribution (QKD) has sparked a debate among researchers regarding its necessity. While some view QKD as a solution in search of a problem, lacking immediate or future applications, others believe it is essential for safeguarding cryptography, which they argue is on the verge of failure.

Cryptography stands as a pivotal achievement in the realm of information security, allowing sensitive data to be transmitted securely even in vulnerable environments. When implemented correctly, it serves as a robust defense mechanism, with system failures often attributed to inadequate key management or human error rather than flaws in the cryptographic scheme itself. Quantum Key Distribution (QKD) offers the potential for unconditional security, making it particularly suitable for applications like banking. However, for QKD to gain broader business traction, it must address specific business challenges, reduce costs, and enhance procedural efficiency. Ongoing research and development are focused on improving the efficiency of QKD algorithms and lowering the expenses associated with the necessary deployment equipment.

Bruce Schneier states that “Security is a chain: it is as strong as its weakest link”.

Quantum Key Distribution (QKD) is often viewed as both impressive and ultimately futile, as enhancing the most secure components of a network may simply drive hackers to exploit other vulnerabilities. Therefore, it is essential to scrutinize the assertions made by advocates of QKD. The factors influencing the widespread adoption of QKD can be summarized as follows.

(1) Increasing number of applications where currently used cryptographic techniques are considered ineffective and not secure enough.

Recent advancements in mathematical techniques pose a significant threat to existing cryptographic methods, particularly due to the rapid ability to factor large composite numbers into their prime components.

(3) Availability of an appropriately functional quantum computer.

Cryptographic techniques, including Quantum Key Distribution (QKD), may never achieve unconditional security, particularly when implemented on real devices. However, QKD stands out as a promising method to offer the highest level of security available. Understanding the concept of unconditional security and its specific conditions is crucial in evaluating the effectiveness of these cryptographic methods.

Quantum Key Distribution (QKD) is essential due to its ability to provide unconditional security, meaning its security can be verified regardless of the eavesdropper's techniques. An eavesdropper, known as Eve, must interact with the quantum system to extract information about the transmitted state, and these interactions can be measured. For example, when Alice encodes her message using randomly chosen non-orthogonal states, any interference from Eve will alter the encoded state, leading to detectable errors at both Alice's and Bob's ends. These errors effectively limit the amount of information Eve can obtain.
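The disturbance argument above, together with the filter probabilities from the Polarization Concept section (1 at 0°, 1/2 at 45°, 0 at 90°), can be checked numerically. The following simulation is an added example, not code from the book: it assumes the standard BB84 sifting step (only rounds where Alice's and Bob's bases match are kept), an ideal lossless channel, and an Eve who measures every photon in a random basis and resends what she saw; all function names are hypothetical.

```python
import math
import random

# The four BB84 polarization states named on the page, in degrees.
# Rectilinear basis "+": 0 deg encodes bit 0, 90 deg encodes bit 1.
# Diagonal basis "x":   45 deg encodes bit 0, 135 deg encodes bit 1.
ANGLE = {("+", 0): 0, ("+", 1): 90, ("x", 0): 45, ("x", 1): 135}


def pass_probability(photon_deg, filter_deg):
    """Probability that a photon polarized at photon_deg passes a filter at filter_deg."""
    return math.cos(math.radians(photon_deg - filter_deg)) ** 2


def measure(photon_deg, basis, rng):
    """Measure a photon in `basis`.

    The filter is set to the bit-0 angle of the basis: passing reads as bit 0,
    being blocked reads as bit 1. Returns (bit, angle the photon is left in).
    """
    p_bit0 = pass_probability(photon_deg, ANGLE[(basis, 0)])
    bit = 0 if rng.random() < p_bit0 else 1
    return bit, ANGLE[(basis, bit)]


def run_bb84(n_photons, eavesdrop, seed=1):
    """Return (sifted key length, error rate of the sifted key)."""
    rng = random.Random(seed)  # fixed seed so the constructed run is repeatable
    sifted = errors = 0
    for _ in range(n_photons):
        a_basis, a_bit = rng.choice("+x"), rng.randrange(2)
        photon = ANGLE[(a_basis, a_bit)]
        if eavesdrop:
            # Intercept-resend: Eve cannot copy the state, so she measures in a
            # guessed basis and forwards the state her measurement produced.
            _, photon = measure(photon, rng.choice("+x"), rng)
        b_basis = rng.choice("+x")
        b_bit, _ = measure(photon, b_basis, rng)
        if b_basis == a_basis:  # sifting: discard rounds with mismatched bases
            sifted += 1
            errors += b_bit != a_bit
    return sifted, errors / sifted


if __name__ == "__main__":
    for eve in (False, True):
        kept, qber = run_bb84(20000, eavesdrop=eve)
        print(f"eavesdropper={eve}: sifted bits={kept}, error rate={qber:.3f}")
```

Under these assumptions the sifted key is error-free without Eve and shows an error rate near 25% with her, which is the signal Alice and Bob look for when they compare a sample of their bits.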

It is important to note that unconditional security differs from absolute security, as absolute security is unattainable. In practice, the unconditional security asserted in Quantum Key Distribution (QKD) is valid only under specific conditions. The criteria for achieving unconditionally secure QKD include several essential requirements.

1. An eavesdropper, Eve, cannot intrude into Alice’s and Bob’s devices. In addition, he/she cannot tamper with their setting choices, such as the basis choice.

2. The random number generator must be fully trusted by Alice and Bob. This generator is used to select the states to be sent by Alice and the measurement basis choice by Bob.

3. Unconditionally secure authentication protocols [49] must be used to authenticate the classical channel.

4. An eavesdropper has to obey the laws of quantum physics. In other words, the security of the QKD protocols is based on a restricted set of quantum physics laws.

The failure to meet the necessary requirements can jeopardize the security of a Quantum Key Distribution (QKD) protocol. It is important to recognize that even when all conditions are satisfied, unconditional security cannot be assured at the implementation level. Furthermore, the implementation must ensure that there is no leakage of unwanted information.

Key distribution utilizing quantum states marks a pivotal advancement in security, offering a viable solution for secure communication in the quantum computing era. Despite its potential, the technology enabling Quantum Key Distribution (QKD) remains in its early stages and faces numerous challenges. The constraints of systems employing the BB84 QKD protocol highlight these limitations.

Post-quantum Cryptography

Lattice-Based Cryptography

Lattice-based cryptography is a promising class of classical cryptography for the post-quantum era, offering simplicity and strong security proofs grounded in worst-case hardness. Its efficient implementations make it a viable option against potential quantum computer attacks, and it has been extensively researched in various studies.

A lattice is a set of points in n-dimensional space with a periodic structure, such as the one illustrated in Fig. 1.9.

In the context of n linearly independent vectors b₁, …, bₙ in Rⁿ, the lattice generated by these vectors is defined as the set of all vectors L(b₁, …, bₙ) = {Σ xᵢbᵢ | xᵢ ∈ Z}. The vectors b₁, …, bₙ serve as the basis for this lattice.

Lattice-based cryptography emerged from Ajtai's groundbreaking research, which laid the foundation for a new field dedicated to enhancing and diversifying lattice-based cryptographic systems. This area of study aims to develop more effective and practical cryptosystems utilizing lattice structures.

The example of lattice-based cryptosystems that attracted the most attention is the “NTRU” public-key-encryption system (1998). NTRU is a ring-based cryptosystem proposed by Hoffstein et al. [62].

Multivariate Cryptography

Multivariate cryptography refers to a category of cryptosystems where public keys are formed by a collection of multivariate polynomials. Specifically, it involves public-key cryptography (PKC) that utilizes a trapdoor one-way function represented as a multivariate quadratic polynomial map over a finite field. Typically, the public key is represented by a series of quadratic polynomials.

The ciphertext is represented as a polynomial evaluation, denoted by P(x1, …, xn) = M(p1(x1, …, xn), p2(x1, …, xn), …, pm(x1, …, xn)). To successfully decrypt the message, the receiver must possess a specific trapdoor that allows for the inversion of this polynomial evaluation. This process ensures that the original plaintext, M(x1, …, xn), can be accurately retrieved from the ciphertext.

Some of the most recognized multivariate public-key cryptosystems include C* by Matsumoto and Imai, HFE (Hidden Field Equations) developed by Patarin, UOV (Unbalanced Oil and Vinegar) introduced by Kipnis et al., and Rainbow/TTS created by Ding and Schmidt.

Hash-Based Cryptography

Hash-based cryptography refers to cryptographic schemes that utilize hash functions to secure communication. Currently, its application is primarily limited to digital signature schemes, which ensure data authenticity, integrity, and non-repudiation. These digital signatures play a vital role in identification and authentication protocols. Therefore, the development of secure digital signature algorithms is essential for maintaining IT security in the era of post-quantum cryptography.

Current digital signature algorithms like RSA, DSA, and ECDSA are vulnerable to quantum computing threats, as their security relies on the difficulty of factoring large integers. The effectiveness of hash-based signature schemes hinges on the collision resistance of the employed hash functions. For a digital signature scheme to securely sign various documents using a single private key, it must utilize a collision-resistant hash function. Essentially, digital signatures convert documents of varying lengths into fixed-length strings, and if two documents share the same digital signature, the scheme's security is compromised. Consequently, hash-based signature schemes emerge as prominent candidates for post-quantum security. While there is no definitive proof that hash functions are resistant to quantum attacks, their security requirements remain relatively minimal.

Hash-based signature schemes, developed by Ralph Merkle in 1979, utilize Merkle trees for their functionality. This innovative scheme builds upon Lamport's one-time signature approach. A key benefit of Merkle's signature scheme is its resilience against potential threats from quantum computers, particularly those employing Shor's algorithm.
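Lamport's one-time signature and Merkle's tree construction, both mentioned above, fit in a short sketch that shows why only a hash function is needed. This is an added example, not code from the book: it assumes SHA-256 as the hash function and a tree of four one-time keys, and the class and function names are hypothetical.

```python
import hashlib
import secrets


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def lamport_keygen():
    # 256 pairs of random secrets; the public key is the hash of each secret
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def digest_bits(message: bytes):
    # The document is first hashed to a fixed-length string, then signed bit by bit
    d = H(message)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, message):
    # Reveal one secret of each pair, selected by the corresponding digest bit
    return [sk[i][bit] for i, bit in enumerate(digest_bits(message))]


def lamport_verify(pk, message, sig):
    if len(sig) != 256:
        return False
    bits = digest_bits(message)
    return all(H(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, bits)))


def leaf_hash(pk):
    return H(b"".join(a + b for a, b in pk))


def merkle_levels(leaves):
    # levels[0] holds the leaves, levels[-1] holds the single root
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([H(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def auth_path(levels, index):
    # Sibling hashes needed to recompute the root from one leaf
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index //= 2
    return path


def root_from_path(leaf, index, path):
    node = leaf
    for sibling in path:
        node = H(node + sibling) if index % 2 == 0 else H(sibling + node)
        index //= 2
    return node


class MerkleSigner:
    """Many one-time Lamport keys authenticated by one public Merkle root."""

    def __init__(self, height=2):
        self.keys = [lamport_keygen() for _ in range(2 ** height)]
        self.levels = merkle_levels([leaf_hash(pk) for _, pk in self.keys])
        self.root = self.levels[-1][0]  # the long-term public key
        self.next_index = 0

    def sign(self, message):
        if self.next_index >= len(self.keys):
            raise RuntimeError("all one-time keys have been used")
        i = self.next_index
        self.next_index += 1  # a Lamport key must never sign two messages
        sk, pk = self.keys[i]
        return i, lamport_sign(sk, message), pk, auth_path(self.levels, i)


def merkle_verify(root, message, signature):
    i, ots_sig, ots_pk, path = signature
    return (lamport_verify(ots_pk, message, ots_sig)
            and root_from_path(leaf_hash(ots_pk), i, path) == root)


if __name__ == "__main__":
    signer = MerkleSigner()
    sig = signer.sign(b"constructed sample document")
    print(merkle_verify(signer.root, b"constructed sample document", sig))
    print(merkle_verify(signer.root, b"tampered document", sig))
```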

Code-Based Cryptography

Code-based cryptography refers to cryptosystems that utilize a one-way function in conjunction with an error-correcting code, denoted as C. This one-way function can involve either introducing an error into a message or computing a syndrome based on the parity check matrix associated with code C.

The McEliece cryptosystem, introduced by Robert McEliece in 1978, is a pioneering example of code-based cryptography and is resilient against Shor’s algorithm, making it a strong candidate for post-quantum secure public key encryption. Utilizing binary Goppa codes for message encryption and decryption, the system is built on error-correcting linear codes. While there are various adaptations of the McEliece algorithm, many have shown vulnerability to cryptanalytic attacks. The original algorithm remains secure when appropriate parameters are selected, but its large key sizes pose efficiency challenges, limiting its practical application. Nonetheless, the McEliece public key cryptosystem (PKC) is viewed as a viable alternative to RSA and warrants further exploration in the context of post-quantum security.

Scope and Contributions of This Book

This book aims to address the growing demand for unconditionally secure information transfer by exploring the history of cryptography, including quantum cryptography and quantum key distribution. Quantum physics allows for the sharing of a secure random information string between two parties, enabling the XOR operation with a random key to recover shared information securely. However, the practical limitations of quantum key distribution, such as its effectiveness over only a few hundred miles and a modest key transfer rate of several hundred kilobits per second, hinder its compatibility with market needs for faster and longer-distance secure information transfer.

Current quantum key distribution (QKD) technology does not enable secure key transfer at the desired information transfer rates, instead providing a rapid key refreshment that enhances conventional encryption methods. While QKD increases the complexity for cryptanalysts, it does not ensure unconditional security in data transfer. Additionally, error correction techniques are employed to recover keys, mitigating the effects of transmission errors and ensuring the integrity of the key exchange process.

In a later chapter of the book, the authors suggest that detecting an intruder on an optical cable is possible when one channel transmits data at commercial rates, such as 10 Gigabits per second. This approach implies a potential for enhanced security at higher data rates, eliminating the need for traditional encryption and decryption methods.

The book focuses on photonic techniques, leveraging the mature technology of multiple photons for communication. It emphasizes that the generation, transfer, and detection of photon streams have evolved into a straightforward engineering discipline. Consequently, all methods discussed are rooted in the principles of multi-photon technology, leading to the concept of Multi-photon Quantum Secure Communication.

Organization of This Book

This book delves into innovative methods for secure information transfer that do not rely on quantum channels, unlike QKD-based techniques. The introductory chapter outlines the evolution of cryptography over the past two millennia, highlighting its current limitations and the necessity for exploring new approaches. It emphasizes the importance of integrating quantum mechanics into cryptographic practices. Chapter 2 introduces fundamental concepts of quantum information science, such as qubits and their states, while also discussing the properties of photons, thereby establishing a groundwork for multi-photon communication.

Chapter 3 explores contemporary techniques in Quantum Key Distribution, while Chapter 4 delves into key communication in quantum noise (KCQ), leveraging quantum detection and communication theory protocols. Chapter 5 introduces the foundational three-stage protocol, essential for the protocols discussed throughout the book. Chapter 6 expands this concept into a family of multi-stage protocols, comparing them to single-photon protocols and demonstrating their resilience against man-in-the-middle attacks. To counter photon-siphoning threats, the multi-photon protocol incorporates an additional variable. Chapter 7 evaluates the security of the multi-stage, multi-photon tolerant protocol, highlighting that a legitimate receiver only needs to differentiate between two orthogonal polarization states, unlike an intruder who faces an infinite number of states. Chapter 8 offers a security analysis of this multi-stage protocol, addressing intercept-and-resend and photon number splitting attacks, and outlines conditions for it to approximate the robustness of quantum-secure protocols. Finally, Chapter 9 broadens the application of the multi-stage multi-photon protocol to wireless communication, specifically assessing its effectiveness for secure key distribution within the IEEE 802.11i framework.

Chapter 10 explores the use of light polarization to detect intrusions in optical fibers, aimed at safeguarding sensitive information. This innovative and cost-effective system offers a practical solution to prevent data theft in modern telecommunication networks.

Chapter 11 explores the utilization of the polarization channel in optical fibers for data transfer, specifically focusing on the exchange of symmetric keys between both ends of the fiber. This method enables conventional symmetric encryption across multiple data channels supported by the optical fiber. While symmetric key-based encryption offers only computational security, the rapid exchange of keys ensures a high level of security for the data channel.

Chapter 12 introduces a highly secure router-to-router key exchange system that allows either router to initiate the key exchange process at any time, enabling frequent exchanges as needed. The cryptographic strength of this system is derived from a multi-stage transmission method, where the number of variables exceeds the number of stages by one, resulting in a measurement count that is one less than the number of variables. Additionally, the system performs all processing electronically, effectively mitigating the risk of man-in-the-middle attacks.


This chapter provides the essential mathematical foundation for comprehending quantum mechanics discussed throughout the book. It begins with an introduction to the abstract concept of a qubit, which serves as the quantum counterpart to a classical bit. Following this, the characteristics of photons are explored to establish a basis for multi-photon communication.

An exposition of the polarization degree of freedom of photons in the multi-photon regime is made.

Basic Concepts in Quantum Information

Quantum State and Qubit

In quantum physics, the isolated quantum system's state is represented by its quantum state, which defines the probability distribution for potential measurement outcomes. This quantum state exists in a mathematical framework known as Hilbert space, a linear complex space. Intuitively, it can be visualized as a vector, where its magnitude and direction encapsulate all relevant information about the quantum system.

In Dirac notation, a quantum state is represented as |ψ⟩. For instance, a quantum system can display two possibilities, such as horizontal or vertical polarization of a photon, represented by the states |0⟩ and |1⟩, corresponding to the outcomes '0' and '1'. These states, |0⟩ and |1⟩, signify the two distinct possibilities of the quantum system, akin to a classical bit. In quantum information, a qubit embodies these two states, which are mutually exclusive. The interpretation of this exclusiveness is that |0⟩ and |1⟩ are orthogonal vectors within the linear complex Hilbert space. This relationship is further elucidated through the scalar product in the complex Hilbert space. Additionally, different notations may be employed for a qubit depending on the context, such as |H⟩ and |V⟩ for the orthogonal polarizations of a photon or |g⟩ and |e⟩ for the energy levels of a two-level atom.

A key distinction between quantum systems and classical systems is that a quantum system can exist in a 'superposition' of potential measurement outcomes. This concept is mathematically expressed as |ψ⟩ = a|0⟩ + b|1⟩, where a and b are complex numbers. Here, |0⟩ and |1⟩ represent the states of two mutually exclusive events, which can also be represented as basis column vectors in matrix notation:

\[ |0\rangle \leftrightarrow \begin{pmatrix} 1 \\ 0 \end{pmatrix}, \qquad |1\rangle \leftrightarrow \begin{pmatrix} 0 \\ 1 \end{pmatrix}. \]

Using the matrix notation, we have

\[ |\psi\rangle = \begin{pmatrix} a \\ b \end{pmatrix}. \tag{2.3} \]

The coefficients a and b are called the probability amplitudes and they need to satisfy the condition

\[ |a|^2 + |b|^2 = 1. \tag{2.4} \]

The quantum state represented by |ψ⟩ has a probability of |a|² of being in the state |0⟩ and a probability of |b|² of being in the state |1⟩. This quantum state, referred to as a 'ket', can be expressed as a column vector. The corresponding 'bra', ⟨ψ|, is derived from the ket through conjugate transposition, also known as the Hermitian conjugate or adjoint, expressed mathematically as ⟨ψ| = (|ψ⟩)†.

In matrix notation, the bras are row vectors:

\[ \langle 0| = (1 \;\; 0), \qquad \langle 1| = (0 \;\; 1), \qquad \langle\psi| = a^{*}\langle 0| + b^{*}\langle 1| = (a^{*} \;\; b^{*}), \tag{2.6} \]

where the asterisk indicates complex conjugation. Conjugate transposition thus combines complex conjugation with matrix transposition. By aligning column and row matrices, we can execute all linear algebraic operations involving bras and kets. Notably, the scalar product between a bra \( \langle\psi| \) and a ket \( |\phi\rangle \) is defined as

\[ \langle\psi|\phi\rangle = (\langle\psi|)(|\phi\rangle). \tag{2.7} \]

The scalar product typically yields a complex number and satisfies \( \langle\psi|\phi\rangle = \langle\phi|\psi\rangle^{*} \). The norm of the state \( |\psi\rangle \) is defined as \( \|\psi\| = \sqrt{\langle\psi|\psi\rangle} \).

By convention, basis vectors are taken to have unit norms. Therefore, for the qubit,

\[ \langle 0|0\rangle = \langle 1|1\rangle = 1, \qquad \langle 0|1\rangle = \langle 1|0\rangle = 0, \tag{2.9} \]

and

\[ \langle\psi|\psi\rangle = |a|^2 + |b|^2 = 1, \tag{2.10} \]

which is the normalization condition of the probability amplitudes. Note that \( \langle 0|\psi\rangle = a \) and \( \langle 1|\psi\rangle = b \). Quantum states are always taken to be normalized unless explicitly stated otherwise.

The computational basis, denoted as \( \{|0\rangle, |1\rangle\} \), serves as the foundation for qubit representation. Given that linear combinations of quantum states also qualify as quantum states, various bases can be defined for a qubit. An example of such a basis is the Hadamard basis \( \{|+\rangle, |-\rangle\} \), where \( |\pm\rangle = \frac{1}{\sqrt{2}}(|0\rangle \pm |1\rangle) \).

A qubit can therefore be expressed in various bases. Specifically, in the computational basis the qubit \( |\psi\rangle \) is the linear combination \( |\psi\rangle = a|0\rangle + b|1\rangle = |0\rangle\langle 0|\psi\rangle + |1\rangle\langle 1|\psi\rangle \). This representation involves the outer products \( |0\rangle\langle 0| \) and \( |1\rangle\langle 1| \), which differ from scalar products by yielding a square matrix rather than a number. For example, \( |0\rangle\langle 0| = \begin{pmatrix} 1 & 0 \\ 0 & 0 \end{pmatrix} \), which follows directly from the vector representation of bras and kets.

It should be noted that in general one can have four outer products using the computational basis, i.e., \( |i\rangle\langle j| \) where \( i, j = 0, 1 \). Moreover, one can easily see that

\[ |0\rangle\langle 0| + |1\rangle\langle 1| = \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix} = I, \tag{2.14} \]

where \( I \) is the identity matrix (or identity operator in Hilbert space).

The outer product, denoted as \( | \psi \rangle \langle \phi | \), serves as a projector when applied to a ket from the left and can also project a quantum state onto a bra from the right. This means any qubit \( |\psi\rangle \) can be expressed in any basis by inserting an appropriate resolution of the identity matrix. For instance, \( |\psi\rangle \) can be written in terms of the Hadamard basis states instead of the computational basis states \( | 0 \rangle \) and \( | 1 \rangle \), illustrating the versatility of quantum state representation.

ffiffiffi2 p ẳj0ih0j ỵ j1ih1j j0ih1j j1ih0j

More generally, for a d-dimensional qudit (a quantum state that can assume d mutually exclusive events), the identity operator can be resolved as

\[ I = \sum_{k=0}^{d-1} |k\rangle\langle k|. \]

A qubit corresponds to \( d = 2 \).

Finally, a convenient way to represent a qubit is the so-called Bloch sphere representation in the computational basis: j i ẳw aj i ỵ0 bj i ẳ1 e i v cosh

; uẳarg b j ja ; vẳarga; ð2:18ị where 0hp and 0u;v2p The anglev is a global phase which usually does not play any role Figure2.1gives a pictorial illustration of a qubit on theBloch sphere.

In this representation, the z-axis represents the computational basis, while the x-axis corresponds to the Hadamard basis. The qubit states along the x, y, and z axes are the eigenkets of the X, Y, and Z gates discussed in Section 2.2.3.

Multiple Qubits

The representation of multiple qubits is achieved through the tensor product. For instance, a two-qubit system consisting of the qubits |ψ⟩ and |ψ′⟩ can be expressed as |ψ⟩|ψ′⟩ or simply as |ψψ′⟩.

In quantum computing, the arrangement of distinguishable qubits is significant, with the leftmost qubit labeled as the first qubit, followed by the second, and so on. To avoid confusion regarding their order, qubits can be explicitly labeled, such as |ψ⟩_A |ψ′⟩_B = |ψ′⟩_B |ψ⟩_A. The distinguishability of qubits arises from various degrees of freedom, including spatial, temporal, spectral, or polarization modes. In quantum communication, labels like A and B often represent the distinct spatial locations of users, such as Alice and Bob. The upcoming section will address the notation of the Fock state when discussing multiple indistinguishable photons within the same mode.

The linear superposition of two-qubit states is also a two-qubit state. Therefore, in the computational basis, a two-qubit state can generally be written as

|ψ⟩_AB = a|00⟩_AB + b|01⟩_AB + c|10⟩_AB + d|11⟩_AB, (2.20)

where a, b, c, and d are complex numbers that satisfy the normalization condition |a|² + |b|² + |c|² + |d|² = 1. It is important to note that this expression cannot always be written as a separable product; when it cannot, the state is entangled. Conversely, if a bipartite state can be represented in a separable form, such as |ψ⟩_AB = |ψ⟩_A |ψ'⟩_B for some single qubit states |ψ⟩_A and |ψ'⟩_B, the state is classified as separable or unentangled.

In quantum cryptography, some of the most important entangled two-qubit systems are the four Bell states [1]:

\[ |\Phi^{+}\rangle_{AB} = |\beta_{00}\rangle_{AB} = \frac{|00\rangle_{AB} + |11\rangle_{AB}}{\sqrt{2}}, \tag{2.21a} \]

\[ |\Phi^{-}\rangle_{AB} = |\beta_{10}\rangle_{AB} = \frac{|00\rangle_{AB} - |11\rangle_{AB}}{\sqrt{2}}, \tag{2.21b} \]

\[ |\Psi^{+}\rangle_{AB} = |\beta_{01}\rangle_{AB} = \frac{|01\rangle_{AB} + |10\rangle_{AB}}{\sqrt{2}}, \tag{2.21c} \]

\[ |\Psi^{-}\rangle_{AB} = |\beta_{11}\rangle_{AB} = \frac{|01\rangle_{AB} - |10\rangle_{AB}}{\sqrt{2}}. \tag{2.21d} \]

The Bell states are the fundamental entangled resources for entanglement-based quantum communication protocols such as quantum teleportation and the E91 QKD protocol.

To determine whether a two-qubit state, represented in the form of Eq. (2.20) with specific values for a, b, c, and d, is entangled or separable, one can utilize the Schmidt decomposition method. This involves organizing the coefficients into a matrix and applying singular-value decomposition (SVD) to analyze the state effectively:

\[ M = \begin{pmatrix} a & b \\ c & d \end{pmatrix} = U \Sigma V^{\dagger}, \]

where \( U \) and \( V \) are unitary matrices and

\[ \Sigma = \begin{pmatrix} \lambda_1 & 0 \\ 0 & \lambda_2 \end{pmatrix} \]

is a diagonal matrix. The bipartite state can then be expressed as

\[ |\xi\rangle_{AB} = \lambda_1 |u_1\rangle_A |v_1\rangle_B + \lambda_2 |u_2\rangle_A |v_2\rangle_B, \]

where \( |u_j\rangle \) and \( |v_j\rangle \) are derived from the columns of the matrices \( U \) and \( V \), respectively. The state is separable if and only if only one eigenvalue of \( \Sigma \) is nonzero, in which case it equals 1 by the normalization condition. Conversely, the state \( |\xi\rangle_{AB} \) achieves maximal entanglement when \( \lambda_1 \) and \( \lambda_2 \) are both equal to \( 1/\sqrt{2} \).

As an example, consider the bipartite state: j in AB ẳj i00 AB ỵj i01 AB ỵj i10 AB

One can construct the matrix

To find the singular value decomposition of \( M = U \Sigma V^{\dagger} \), one considers \( M M^{\dagger} \) and its diagonalization

Note that \( D \) is positive definite and \( D = \Sigma^{2} \). Then it is straightforward to obtain

UsingR,U, andV, the Schmidt decomposition ofj in AB in Eq (2.23) is given by k1ẳ

It should be noted that \( \lambda_1 > \lambda_2 \) in the example. The state \( |\xi\rangle_{AB} \) in Eq. (2.23) is thus not maximally entangled.

In conclusion, multiple qubit states can be formed using the tensor product, but for quantum states with more than two qubits there is no method for determining separability as straightforward as the Schmidt decomposition.
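The Schmidt test described in this section (diagonalize \( M M^{\dagger} \), take square roots to obtain \( \lambda_1, \lambda_2 \), then read off separability) can be carried out numerically. The following is an added example, not code from the book: it takes the three-term example state with an assumed normalization of \( 1/\sqrt{3} \), and the function names and the tolerance `RANK_TOL` are illustrative choices.

```python
import math

RANK_TOL = 1e-6  # Schmidt coefficients below this are treated as zero


def schmidt_decompose(a, b, c, d):
    """Schmidt terms of a|00> + b|01> + c|10> + d|11> (normalized internally).

    Returns [(lam, u, w), ...] with lam descending, such that the coefficient
    matrix satisfies M[i][j] = sum_k lam_k * u_k[i] * w_k[j].
    """
    amps = [complex(x) for x in (a, b, c, d)]
    norm = math.sqrt(sum(abs(x) ** 2 for x in amps))
    M = [[amps[0] / norm, amps[1] / norm], [amps[2] / norm, amps[3] / norm]]

    # A = M M^dagger = [[p, q], [q*, r]] is Hermitian; its eigenvalues are lam^2.
    p = abs(M[0][0]) ** 2 + abs(M[0][1]) ** 2
    r = abs(M[1][0]) ** 2 + abs(M[1][1]) ** 2
    q = M[0][0] * M[1][0].conjugate() + M[0][1] * M[1][1].conjugate()
    tr, det = p + r, p * r - abs(q) ** 2
    disc = math.sqrt(max(tr * tr - 4 * det, 0.0))
    mus = [(tr + disc) / 2, max((tr - disc) / 2, 0.0)]

    if abs(q) < 1e-12:  # A is already diagonal: standard basis vectors
        us = [[1, 0], [0, 1]] if p >= r else [[0, 1], [1, 0]]
    else:  # eigenvector of A for eigenvalue mu is (q, mu - p)
        us = []
        for mu in mus:
            v = [q, mu - p]
            n = math.sqrt(abs(v[0]) ** 2 + abs(v[1]) ** 2)
            us.append([v[0] / n, v[1] / n])

    terms = []
    for mu, u in zip(mus, us):
        lam = math.sqrt(mu)
        if lam < RANK_TOL:
            continue  # a zero coefficient contributes nothing to the state
        # Subsystem-B vector: w[j] = sum_i conj(u[i]) * M[i][j] / lam
        w = [sum(complex(u[i]).conjugate() * M[i][j] for i in range(2)) / lam
             for j in range(2)]
        terms.append((lam, u, w))
    return terms


def classify(a, b, c, d):
    lams = [t[0] for t in schmidt_decompose(a, b, c, d)]
    if len(lams) == 1:
        return "separable"
    return "maximally entangled" if abs(lams[0] - lams[1]) < RANK_TOL else "entangled"


def rebuild(terms):
    """Recompute the coefficient matrix M from the Schmidt terms."""
    return [[sum(lam * u[i] * w[j] for lam, u, w in terms) for j in range(2)]
            for i in range(2)]


if __name__ == "__main__":
    for name, state in [("(|00>+|01>+|10>)/sqrt(3)", (1, 1, 1, 0)),
                        ("Bell state Phi+", (1, 0, 0, 1)),
                        ("|+>|0>", (1, 0, 1, 0))]:
        lams = [round(t[0], 4) for t in schmidt_decompose(*state)]
        print(name, lams, classify(*state))
```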

Qubit Operations

In a closed quantum system, the evolution of the state of the system is reversible [1]. An open quantum system can be treated by considering an environment upon which one does not have control. The system + environment can hence still be considered as a closed system.

The reversibility of the evolution of a quantum system implies that an operation \( U \) on the system is unitary, i.e., \( U^{\dagger} U = I \). In matrix notation, \( U \) is a unitary matrix. The evolved state by \( U \) can be written as

\[ |\psi'\rangle = U|\psi\rangle. \tag{2.29} \]

It should be noted that

\[ \langle\psi'|\psi'\rangle = (U|\psi\rangle)^{\dagger}(U|\psi\rangle) = \langle\psi|U^{\dagger}U|\psi\rangle = \langle\psi|\psi\rangle. \tag{2.30} \]

Hence the norm of the quantum state is unchanged as expected.

There are three commonly used elementary single qubit operations:

The NOT gate is defined by

\[ X|i\rangle = |i \oplus 1\rangle, \tag{2.31} \]

where the addition \( \oplus \) is modulo 2 for a qubit. One can easily check that

Hence the Hadamard basis is the eigenbasis of the NOT gate In matrix notation,

The Z gate is defined similarly by

Hence the computational basis is the eigenbasis of the Z gate with the eigenvalues \( \pm 1 \). One can easily check that

That is, the Z gate flips the phase of the \( |1\rangle \) component with respect to the \( |0\rangle \) component.

The X and Z gates can be combined to form the Y gate: \( Y = iXZ \), where

The three matrices X, Y, and Z are also identified to be the three Pauli matrices.

Hadamard gate

The Hadamard gate is defined by

Hence the Hadamard gate connects the computational basis and the Hadamard basis. One can easily check that

\[ H = |+\rangle\langle 0| + |-\rangle\langle 1| = \frac{1}{\sqrt{2}}(X + Z). \]

Multiple qubit operations can be defined using the tensor product, such as \( U \otimes U' \otimes U'' \), written more compactly as \( U\,U'\,U'' \). The sequence of operations is crucial since the qubits are considered distinguishable. To eliminate any ambiguity regarding the order of operations, labels can be employed to specify which operator is applied to each qubit.

In the context of quantum mechanics, we can rearrange operators and states as needed, provided that the operators are positioned to the left of their corresponding kets This flexibility is essential for maintaining the integrity of the mathematical expressions involved.

In addition to single qubit operations, one can also define two-qubit operations.

In particular, the most useful two-qubit operation is the controlled-NOT (CNOT) gate defined by:

In matrix notation, it reads

In fact, the Bell states can be created using \( U_{\mathrm{CNOT}}^{AB} \) and the Hadamard gate:

Mixed States and Density Operators

In quantum mechanics, the states referred to as pure states exhibit probability amplitudes that reflect the inherent randomness of a closed quantum system. Conversely, certain situations arise where the uncertainty of the system stems from incomplete knowledge about it. For instance, a quantum system might exist in one of two states, \( |\psi_0\rangle \) or \( |\psi_1\rangle \), with the choice made according to a known or unknown probability distribution \( p_X(x) \). This leads to the characterization of the system as being in a mixed state, represented by the ensemble \( E = \{p_X(x), |\psi_x\rangle\} \), where x belongs to the set \( X = \{0, 1\} \).

The overall quantum state of the system is anticipated to be an incoherent sum of the states \( |\psi_0\rangle \) and \( |\psi_1\rangle \), with weights determined by \( p_X(x) \). This quantum state is accurately represented by the density operator, also known as the density matrix,

\[ \rho = \sum_{x \in X} p_X(x)\, |\psi_x\rangle\langle\psi_x|. \]

In the density operator formalism, the density operator \( \rho \) represents a pure state when it consists of a single term in the sum, indicating a distinct quantum state. Conversely, if multiple terms are present, the state is classified as mixed. It is important to note that while the states \( |\psi_x\rangle \) are normalized, they do not necessarily have to be orthogonal to each other.

The density operator is expressed as a sum of the outer products of the states \( |\psi_x\rangle \) in the ensemble \( E \), weighted by \( p_X(x) \), demonstrating that \( \rho \) is Hermitian (\( \rho = \rho^{\dagger} \)). It can be represented in a diagonalized form as \( \rho = \sum_k \lambda_k |\phi_k\rangle\langle\phi_k| \), where \( \{|\phi_k\rangle\} \) represents an orthonormal set of kets. The evolution of \( \rho \) under the unitary operator \( U \) is described by the equation \( \rho' = U \rho U^{\dagger} \).

In matrix theory, the trace of a square matrix \( M \) is defined as the sum of its diagonal elements, represented mathematically as \( \text{Tr}(M) = \sum_j M_{jj} \). This calculation uses a set of basis kets \( \{ |j\rangle \} \), where \( M_{ij} \) are the matrix elements of \( M \) in this basis. Notably, for normalized quantum states, the trace of a density operator \( \rho \) equals one, emphasizing its significance in quantum mechanics.

The identity \( I \) is utilized to eliminate the arbitrary basis in the diagonalized form of the density operator \( \rho \), allowing for the determination that the sum of the eigenvalues equals one. This implies that the set of eigenvalues and eigenkets can be viewed as an ensemble of pure states for the density operator. Notably, a given density operator can be represented by various ensembles of pure states. Additionally, the purity of the density operator, defined as \( \text{Tr}(\rho^2) \), can be assessed through the trace operation, which proves that purity values range from zero to one. A pure state corresponds to a purity of one, while mixed states yield lower purity values.

The trace operation plays a crucial role in determining the quantum states of subsystems in multipartite quantum states. For a bipartite quantum state, represented as \( \rho_{AB} = \sum_{x \in X} p_X(x)\, |\psi_x\rangle_{AB}\langle\psi_x| \), the trace operation enables the extraction of the quantum state of the subsystem. By applying the trace operation, one can obtain the reduced density matrix of the subsystem, providing valuable insights into its properties and behavior.

In quantum mechanics, the density operator for subsystem A can be derived from the overall state of a composite system AB by applying the partial trace over subsystem B. Specifically, for a pure state |ψ_AB⟩, the density operator for subsystem A is given by ρ_A = Tr_B(|ψ_AB⟩⟨ψ_AB|). This process highlights the relationship between subsystems and is essential for understanding quantum entanglement and the behavior of quantum systems.

In Eq. (2.48), it's important to highlight that while \( \rho_A \) is expressed as an incoherent sum of the density operators \( \rho_A^{x} \), it can also be represented as an incoherent sum of pure states, such as the eigenkets of \( \rho_A \). A key application of the partial trace arises when subsystem \( A \) represents a quantum system interacting with its environment \( E \).

Given the system density operator \( \rho_A = \sum_{x \in X} p_X(x)\, |\psi_x\rangle_A\langle\psi_x| \), one can always construct a composite pure state for the system + environment \( |\psi\rangle_{AE} \) such that \( \rho_A = \text{Tr}_E\, |\psi\rangle_{AE}\langle\psi| \).

Explicitly, the composite state is

\[ |\psi\rangle_{AE} = \sum_{x \in X} \sqrt{p_X(x)}\, |\psi_x\rangle_A |\phi_x\rangle_E, \tag{2.49} \]

where \( |\phi_x\rangle_E \) is some orthonormal basis for the environment \( E \). Equation (2.49) is called the purification of \( \rho_A \) on the reference system (or environment) \( E \).

The concept of purification is essential for understanding general quantum operations, as it allows us to view an open quantum system as a closed system that includes both the quantum system and its environment. Consequently, a quantum operation \( \mathcal{E} \) acting on the system \( \rho_A \) can be represented as a unitary operation \( U_{AE} \) applied to the combined system and environment, expressed mathematically as \( \rho_A \rightarrow \mathcal{E}(\rho_A) = \text{Tr}_E \left[ U_{AE} (\rho_A \otimes \rho_E) U_{AE}^{\dagger} \right] \).

The state of the environment, denoted as \( \rho_E \), is considered to be independent of the system in question. For a comprehensive understanding of the implications of this concept, readers are encouraged to consult the referenced source [1].
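The statements above about creating Bell states with the CNOT and Hadamard gates, and about the partial trace and purity, can be checked numerically. The following is an added example, not code from the book: the CNOT matrix (control on the first qubit) and the circuit CNOT·(H⊗I) are the standard definitions supplied here as assumptions, and all function names are illustrative.

```python
import math

S = 1 / math.sqrt(2)
I2 = [[1, 0], [0, 1]]
X = [[0, 1], [1, 0]]
Z = [[1, 0], [0, -1]]
H = [[S * (X[i][j] + Z[i][j]) for j in range(2)] for i in range(2)]  # (X + Z)/sqrt(2)
# Assumed standard CNOT: flips qubit B when qubit A (the first qubit) is 1.
CNOT = [[1, 0, 0, 0], [0, 1, 0, 0], [0, 0, 0, 1], [0, 0, 1, 0]]


def matmul(A, B):
    return [[sum(A[i][k] * B[k][j] for k in range(len(B))) for j in range(len(B[0]))]
            for i in range(len(A))]


def dagger(A):
    return [[complex(A[i][j]).conjugate() for i in range(len(A))]
            for j in range(len(A[0]))]


def kron(A, B):
    # Tensor product: entry (2i + k, 2j + l) equals A[i][j] * B[k][l].
    return [[a * b for a in row_a for b in row_b] for row_a in A for row_b in B]


def apply(U, ket):
    return [sum(U[i][j] * ket[j] for j in range(len(ket))) for i in range(len(U))]


def bell(x, y):
    """|beta_xy> = CNOT (H tensor I) |xy>, amplitudes ordered 00, 01, 10, 11."""
    ket = [0] * 4
    ket[2 * x + y] = 1
    return apply(matmul(CNOT, kron(H, I2)), ket)


def density(ket):
    return [[a * complex(b).conjugate() for b in ket] for a in ket]


def trace(A):
    return sum(A[i][i] for i in range(len(A)))


def partial_trace_B(rho):
    # rho is 4x4 with index 2a + b; sum over the B index to get rho_A.
    return [[sum(rho[2 * a + b][2 * a2 + b] for b in range(2)) for a2 in range(2)]
            for a in range(2)]


def purity(rho):
    return trace(matmul(rho, rho)).real


def evolve(rho, U):
    return matmul(matmul(U, rho), dagger(U))  # rho' = U rho U^dagger


if __name__ == "__main__":
    phi_plus = bell(0, 0)
    print("Phi+ amplitudes:", [round(abs(a), 4) for a in phi_plus])
    print("purity of rho_AB:", round(purity(density(phi_plus)), 4))
    print("purity of rho_A :", round(purity(partial_trace_B(density(phi_plus))), 4))
    product = apply(kron(H, I2), [1, 0, 0, 0])  # |+>|0>, not entangled
    print("purity of rho_A for |+>|0>:",
          round(purity(partial_trace_B(density(product))), 4))
```

The composite Bell state is pure (purity 1) while each half alone is maximally mixed (purity 1/2), whereas the product state keeps a pure subsystem.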

No-Cloning Theorem

A fundamental principle of quantum cryptography is the no-cloning theorem, which states that, unlike classical information that can be perfectly copied, it is impossible to create a universal copier for quantum states, specifically qubits. This theorem implies that a unitary operation cannot replicate quantum information, and its validity can be established through a proof by contradiction.

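Suppose there exists a unitary \( U \) such that

\[ U |\psi\rangle |0\rangle = |\psi\rangle |\psi\rangle = |\psi\psi\rangle , \qquad (2.50a) \]

\[ U |\phi\rangle |0\rangle = |\phi\rangle |\phi\rangle = |\phi\phi\rangle , \qquad (2.50b) \]

where \( |\psi\rangle \) and \( |\phi\rangle \) are some arbitrary quantum states. Here \( |0\rangle \) is the initial state of the copier. Consider the scalar product between the right-hand sides of Eq. (2.50):

\[ \langle \phi\phi | \psi\psi \rangle = \langle \phi | \psi \rangle \langle \phi | \psi \rangle = \langle \phi | \psi \rangle^{2} . \]

The left-hand side yields \( \langle \phi | \langle 0 |\, U^{\dagger} U\, |\psi\rangle |0\rangle = \left( \langle \phi | \langle 0 | \right) \left( |\psi\rangle |0\rangle \right) = \langle \phi | \psi \rangle \langle 0 | 0 \rangle = \langle \phi | \psi \rangle \), using the relationships \( U^{\dagger} U = I \) and \( \langle 0 | 0 \rangle = 1 \). Consequently, this leads to

\[ \langle \phi | \psi \rangle \left( \langle \phi | \psi \rangle - 1 \right) = 0 \;\Rightarrow\; \langle \phi | \psi \rangle = 0 \ \text{or} \ \langle \phi | \psi \rangle = 1 . \qquad (2.51) \]

Therefore, if \( U \) can clone \( \psi \), it can only clone \( \phi \) that is orthogonal to \( \psi \) if \( \phi \) is different from \( \psi \). Hence \( U \) is not universal.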

The no-cloning theorem states that a quantum state cannot be perfectly copied without prior knowledge of the state itself. This principle is effectively utilized in the BB84 quantum key distribution (QKD) protocol, which transmits bit information encoded in qubits across randomly chosen bases. Further details on this protocol will be discussed in the following chapter.

The proof discussed pertains specifically to pure states but can be extended to mixed states, leading to the formulation of the no-broadcasting theorem. It is important to distinguish this from the no-cloning theorem, which states that an unknown quantum state cannot be perfectly duplicated. Nevertheless, it is possible to perform approximate cloning of arbitrary quantum states.
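The condition in Eq. (2.51) can be seen at work on a concrete copier. The following is an added example, not code from the book: it takes a CNOT gate as an assumed candidate copier, shows that it copies the orthogonal states |0⟩ and |1⟩ perfectly, and shows that it fails on |+⟩, which is the situation a receiver faces when the sender's basis is unknown. All names are assumptions, and amplitudes are real for brevity.

```python
import math

def kron(a, b):
    """Tensor product of two state vectors."""
    return [x * y for x in a for y in b]

def inner(a, b):
    """Inner product <a|b> for real-amplitude states."""
    return sum(x * y for x, y in zip(a, b))

def apply(U, v):
    """Matrix-vector product U|v>."""
    return [sum(U[i][j] * v[j] for j in range(len(v))) for i in range(len(U))]

# CNOT on (source qubit, blank copier qubit); basis order |00>, |01>, |10>, |11>.
CNOT = [[1, 0, 0, 0],
        [0, 1, 0, 0],
        [0, 0, 0, 1],
        [0, 0, 1, 0]]

ZERO = [1.0, 0.0]
ONE = [0.0, 1.0]
PLUS = [1 / math.sqrt(2), 1 / math.sqrt(2)]

def clone_fidelity(state):
    """|<state,state| U |state,0>|^2; 1.0 means a perfect copy."""
    out = apply(CNOT, kron(state, ZERO))
    return inner(kron(state, state), out) ** 2

def overlap_condition(phi, psi):
    """Left side of Eq. (2.51): <phi|psi>(<phi|psi> - 1).
    It must vanish for one unitary to clone both states."""
    s = inner(phi, psi)
    return s * (s - 1)

if __name__ == "__main__":
    for name, st in (("|0>", ZERO), ("|1>", ONE), ("|+>", PLUS)):
        print(name, "copy fidelity:", round(clone_fidelity(st), 4))
    print("Eq. (2.51) for |0>,|1>:", overlap_condition(ZERO, ONE))
    print("Eq. (2.51) for |0>,|+>:", round(overlap_condition(ZERO, PLUS), 4))
```

For |+⟩ the CNOT output is the entangled state (|00⟩ + |11⟩)/√2 instead of |+⟩|+⟩, so the copy fidelity drops to 1/2.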

Quantum Measurement

To understand the world and its evolution, it is essential to clarify how quantum states are measured in quantum mechanics. The theory posits that a measurement is described by a set of measurement operators \( \{M_k\} \) acting on the quantum state, with the index \( k \) labeling the measurement outcome. For any specific measurement task, the set of measurement operators \( \{M_k\} \) must be complete, ensuring that a result is always obtained for the quantum state \( |\psi\rangle \). For instance, when measuring whether a qubit is in the 0 or 1 state, the appropriate measurement operators are utilized.

In quantum mechanics, the projectors \( M_0 \) and \( M_1 \) correspond to the states \( |0\rangle \) and \( |1\rangle \), respectively. Applying the measurement operator \( M_k \) to the quantum state \( |\psi\rangle \) leads to the post-measurement state \( |\psi'_f\rangle = M_k |\psi\rangle \).

The post-measurement state is no longer considered normalized, as its squared norm provides the probability \( p_k \) for event \( k \). This probability can be expressed as \( p_k = \langle \psi'_f | \psi'_f \rangle = \langle \psi | M_k^{\dagger} M_k | \psi \rangle \).

After measurement, we are certain that the quantum state is \( |\psi'_f\rangle \), due to the outcome \( k \). To accurately describe the post-measurement state, we apply proper normalization using \( p_k \), resulting in

\[ |\psi_f\rangle = \frac{M_k |\psi\rangle}{\sqrt{p_k}} = \frac{M_k |\psi\rangle}{\sqrt{\langle \psi | M_k^{\dagger} M_k | \psi \rangle}} . \qquad (2.55) \]

Finally, since the measurement operators form a complete set for the measurement task, we should have

\[ 1 = \sum_k p_k = \sum_k \langle \psi | M_k^{\dagger} M_k | \psi \rangle = \langle \psi | \sum_k \]

This is true for any \( |\psi\rangle \), hence the completeness of \( \{M_k\} \) is equivalently represented by

For example, it can be easily seen that the measurement operators \( \{M_0, M_1\} \) in Eq. (2.52) satisfy the completeness relation (2.57), and \( M_k^{\dagger} M_k = M_k M_k = M_k \) for \( k = 0, 1 \). For a given density matrix \( \rho \), Eqs. (2.54) and (2.55) are generalized as

\[ p_k = \mathrm{Tr}\left( \rho\, M_k^{\dagger} M_k \right) = \mathrm{Tr}\left( M_k\, \rho\, M_k^{\dagger} \right) \]

In quantum information, the concept of a positive-operator-valued measure (POVM) is essential. A POVM consists of a collection of positive operators, denoted as \( \{E_k\} \), which possess non-negative eigenvalues and satisfy the completeness relation, summing to the identity operator (\( \sum_k E_k = I \)).

The connection between \( E_k \) and \( M_k \) is

\[ E_k = M_k^{\dagger} M_k , \qquad (2.58a) \]

or more generally

\[ M_{k,l}^{\dagger} M_{k,l} , \qquad (2.58b) \]

for some subset \( \{M_{k,l}\}_{l} \) of the full set \( \{M_{k,l}\}_{k,l} \). The positivity and completeness of

The POVM is utilized when the focus is primarily on the measurement probability \( p_k \), rather than the post-measurement state. This approach allows the probability to be expressed directly as the expectation value, as deduced from Eq. (2.58b).

In this article, we explicitly utilize the conditional probability \( P(k|\rho) \) to represent the likelihood of outcome \( k \) given the density matrix \( \rho \). Constructing a positive-operator-valued measure (POVM) is often simpler than creating the measurement operators \( \{M_k\} \). For instance, we can design a measurement task to distinguish between the states \( |0\rangle \) and \( |+\rangle \), noting that \( |0\rangle \) and \( |+\rangle \) are nonorthogonal. It has been shown that a specific POVM can unambiguously distinguish between these two qubit states.

In this article, we discuss the construction of the POVM elements \( E_1 \) and \( E_2 \), which are derived from the complements of \( |0\rangle \) and \( |+\rangle \), respectively. Additionally, we introduce \( E_3 \) to fulfill the completeness condition. The coefficient \( a \) is selected to ensure that all \( E_k \) remain positive, allowing \( E_3 \) to be expressed accordingly.

In quantum mechanics, conclusive measurement outcomes allow for the clear distinction between states such as \( |0\rangle \) and \( |+\rangle \). For instance, if the measurement outcome is \( E_1 \), the state must be \( |+\rangle \), as this result cannot arise from \( |0\rangle \). Conversely, if the outcome is \( E_2 \), the state must be \( |0\rangle \). However, an outcome of \( E_3 \) yields inconclusive results. This scenario exemplifies the unambiguous discrimination between two nonorthogonal quantum states, highlighting the importance of measurement outcomes in state identification.
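The unambiguous-discrimination POVM described above, worked through numerically as an added example that is not code from the book. The explicit operators did not survive on this page, so the code assumes the standard construction \( E_1 = a|1\rangle\langle 1| \), \( E_2 = a|-\rangle\langle -| \), \( E_3 = I - E_1 - E_2 \) with \( a = \sqrt{2}/(1+\sqrt{2}) \); function names are also assumptions.

```python
import math

def outer(v):
    """Projector |v><v| for a real-amplitude qubit state."""
    return [[v[i] * v[j] for j in range(2)] for i in range(2)]

def scale(c, M):
    return [[c * x for x in row] for row in M]

def prob(E, v):
    """P(k|state) = <v|E_k|v>, the POVM outcome probability."""
    return sum(v[i] * E[i][j] * v[j] for i in range(2) for j in range(2))

R = 1 / math.sqrt(2)
ZERO, ONE = [1.0, 0.0], [0.0, 1.0]
PLUS, MINUS = [R, R], [R, -R]

# Assumed coefficient: the largest a for which E3 stays positive.
A = math.sqrt(2) / (1 + math.sqrt(2))
E1 = scale(A, outer(ONE))     # complement of |0>: never fires on |0>
E2 = scale(A, outer(MINUS))   # complement of |+>: never fires on |+>
E3 = [[(1.0 if i == j else 0.0) - E1[i][j] - E2[i][j] for j in range(2)]
      for i in range(2)]      # inconclusive outcome, fixed by completeness

def min_eigenvalue(M):
    """Smaller eigenvalue of a real symmetric 2x2 matrix (positivity check)."""
    tr = M[0][0] + M[1][1]
    det = M[0][0] * M[1][1] - M[0][1] * M[1][0]
    return tr / 2 - math.sqrt(max(tr * tr / 4 - det, 0.0))

def outcome_table():
    """Probabilities [P(E1), P(E2), P(E3)] for each input state."""
    return {name: [prob(E, s) for E in (E1, E2, E3)]
            for name, s in (("0", ZERO), ("+", PLUS))}

if __name__ == "__main__":
    for name, row in outcome_table().items():
        print("input |%s>:" % name, [round(p, 4) for p in row])
    print("min eigenvalue of E3:", round(min_eigenvalue(E3), 12))
```

A conclusive outcome is never wrong, but with this choice of \( a \) each input gives the inconclusive outcome \( E_3 \) with probability \( 1/\sqrt{2} \approx 0.707 \).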


Posted: 31/05/2022, 14:33
