2.2. Quantum Cryptography
Presently, quantum cryptography is a sparkling topic in the field of communications and information technology. There is no doubt that the main focus of the cryptosystem is to prevent any entity from accessing the shared data, except for legal correspondents. Confidential communications between the sender and the receiver message must be ensured, and the principles of quantum communication ensure that data are transmitted over a secure channel with notification in the event of a data interruption.
Quantum cryptography uses symmetric key encryption, which is very common in classical cryptography methods. Moreover, symmetric key encryption provides straightforwardness between communicating parties in a quantum system, such as the One-Time Pad (OTP) encryption technique [
15]. Furthermore, the Shared Secret Key (SSK) is used in the OTP mechanism by converting the entire plaintext X into a long string of n-bits. On the other hand, the SSK should be created to match the same length (number of bits) of the original plaintext X, where the plaintext X and secret key SSK will be XORed
to produce a ciphertext C. This process can be used in quantum cryptography when both legitimate parties obtain an SSK with the known plaintext X. An interesting point in quantum cryptography is the inability to make a copy of the original plaintext X or even listen to the message content by an eavesdropper, due to the rules of quantum mechanics (non-cloning theory) [
16]. For instance, if two connected terminals are interrupted during a quantum communication, then the quantum system will be altered. This alteration is recognized by destroying the content of the message. Therefore, communicating parties can detect the information attacks, while the eavesdropper cannot take advantage of a system interruption.
Furthermore, several requirements are available to achieve secure communication using quantum systems. The first condition is a quantum channel, where the submitted data (set of quantum bits) is transmitted. The quantum channel should be either free space or fiber optics [
17]. The data submitted in the quantum channel includes information about the shared secret key (SSK), which is carried by elementary particles. The second condition consists of a classical channel that should be established to recognize whether the shared key was detected by an eavesdropper or altered by the environment [
18]. The classical channel uses a sifting process to correct errors that occur during the transmission of quantum channel. In addition, it is used to terminate the communication initiated between the parties if the detected error rate is high.
Public key cryptography provides only a certain amount of protection. Therefore, quantum mechanics will provide a complete solution for the next generation of secure communication networks. Quantum cryptography is based on quantum mechanics, in which some of theories of physics are applied. Moreover, there are many physical quantities or observables, such as photon polarization, momentum, and mass that can be used in the field of cryptography [
19]. Based on the law of physics, the process of exchanging information within a quantum system is naturally protected from passive attacks, but it is still a challenge for active attacks. Here, the information used is initiated as a string of bits that are converted by quantum devices into quantum bits (qubits). The qubits are directed by light filters to different polarized states
. Therefore, a single photon can be initiated and measured based on multiple states. The explanations for used symbols are shown in
Table 1.
Then, this paper introduces some well-known QKD protocols and explains each QKD protocol based on the mechanism of the adopted algorithm. In addition, the QKD protocols were tested and analyzed to demonstrate the differences between all selected QKD protocols.
2.2.1. The BBB84 Protocol
In 1984, the BB84 protocol was introduced by Bennett and Brassard [
20]. The concept of the BB84 protocol depends on the exchange of a secret key between Alice and Bob through a secure quantum channel. The process is described as a tossing-coin, whereby two communication channels (quantum and classical channels) are initiated between Alice and Bob. The quantum channel is technically the emission of a photon in either a free space or fiber-optic cable. The classical channel is an ordinary, traditional bit-shift channel, in which communications during the classical channel do not need to be secure. Both the sender and receiver should have a random number generator and four polarizing filters to generate qubits. These requirements should be available to fulfill the quality of photon submissions [
21,
22].
Moreover, generating a secret key using the BB84 protocol requires each of the communicating parties (the sender and receiver) to have a random number generator that should be placed in an appropriate position. The generator can be set in the middle between the legitimate parties. Primarily, the sender (Alice) starts preparing plaintext X, which is converted to a string of bits. Simultaneously, Alice initiates a random set of bases (recliner or diagonal) that matches the length of plaintext X. These bases include four states (
). Each state on a different basis reflects the probability of (0 or 1). Furthermore, the entire prepared states
will be submitted to a quantum channel with the same polarization of the prepared state as long as there is no interruption [
23].
The probability of X encoded during Alice’s setup represents the randomness of an encryption algorithm, where encoding the same information of X many times produces various ciphertexts [
24]. Although many schemes have been published illustrating the inefficiency of the BB84 protocol as well as the weaknesses in the encryption mechanism, the BB84 protocol remains a solid background for many modern QKD protocols. The BB84 protocol is also considered to demonstrate the relationship between simplicity and durability, as shown in
Figure 2.
In addition, the BB84 protocol relies on the non-cloning theorem and the Heisenberg uncertainty principle to secure the submitted qubits. The non-cloning theorem is derived from the superposition principles of quantum mechanics [
25]. Moreover, the non-cloning feature makes the BB84 protocol more stable by detecting any attack, although attackers never stop attempting to crack any cryptographic protocol. The Heisenberg uncertainty principle is described as the impossibility to prepare or measure states simultaneously in a specific environment based on position and momentum with quantum conditions.
In general, quantum key distribution protocols can be categorized by two disciplines of the photon behavior: the first one is based on superposition states (orthogonal/non-orthogonal) and the second one is based on the entangled states, where the BB84 protocol uses polarized orthogonal states [
26]. In superposition states, Alice sends a state that should be generated on bases of
or
as above, where in this case, Bob should work on one of these bases randomly. Furthermore, if Alice uses the
basis to submit a
state, she will send a
state. Following the same, if she wants to send a
state, and Bob already measured the
state in the
basis, he will record a
state. Additionally, if Alice sends a photon as
or
state and Bob just measures the photon in the basis
, the measurement will be in the polarized states in Equation (1) as follows:
Therefore, there is a 50% chance of recording
or
state by Bob as well as four possibilities [
9] in Equation (2) as follows:
These possibilities are shown on the Bloch sphere to display the measure of each polarization state that can be displayed in a three-dimensional space (x, y, and z) as shown in
Figure 3.
In fact, there are many sequential steps for both parties to create a successful Shared Secret Key (SSK) using the BB84 protocol, as shown in
Figure 2. These steps are described as follows:
Step 1: The length of the plaintext X should be set up by Alice to become a string of n-bits, and then the n-bits are applied to a randomly prepared basis ().
Step 2: Each random basis will produce a random state either
if the basis is
, or
if the basis is
as shown in
Table 2.
Step 3: When the string of n-qubits is submitted by Alice, Bob measures the upcoming n-qubits based on random bases, as shown in
Table 3. Next, Bob obtains a string of states that reflect n-bits. If Bob cannot measure all the submitted qubits, both parties will release additional qubits by sharing the used bases through a public channel.
Step 4: Both Alice and Bob start estimating the errors that could be caused by Eve, where many error-correction methods [
27] are used in the BB84 protocol. The raw secret key is processed, when Alice and Bob compare the matching bits, where the uncorrelated bits are discarded, as shown in
Table 4. This is called a sifting procedure, which enhances any attempt by Eve to obtain information and detect any error [
28].
Step 5: After matching the sent and received qubits, the communication moves to the reconciliation phase only if the error rate is low. On the other hand, Alice and Bob end up the current communication if the error rate is too high.
Step 6: If the error rate is low, Alice and Bob share the raw key. Moreover, the raw key contains the matched qubits of both parties. Unmatched qubits are supposed to be removed from the shared key SSK.
Step 7: Next, Alice and Bob start correcting the erroneous qubits again in a separate phase, as shown in
Table 5, as they endeavor to reduce the number of exposed qubits.
Step 8: After checking for errors, Alice and Bob share an SSK that has the same length of plaintext X [
29,
30]. In other words, Alice could cheat in this position by sending a different basis (rectilinear and diagonal basis or neither rectilinear nor diagonal photon), so that she is not in a position to agree with any of Bob’s table records in step (3). In contrast, Bob’s table records the result of probabilistic behavior that is not under the control of the matching raw key [
31].
Hence, it is very important to realize that if Alice tries to cheat in step (1), for instance, by sending a mixture of rectilinear and diagonal states, Alice will lose the ability to agree with Bob’s records table after step (1).
Finally, the BB84 protocol is assigned a secure protocol as mentioned in [
32], and it is a simple protocol compared with current QKD protocols. This simplicity is based on the law of physics that occur during key generation.
2.2.2. The SARG04 Protocol
In 2004, SARG04 was introduced by Scarain, Acin, Ribordy, and Gisin [
33]. This protocol was then extracted using the previous protocol BB84. The SARG04 protocol uses the same bases and states as the BB84 protocol, where two bases
and four states (
) are used to initiate quantum submissions between the communicating parties. The SARG04 protocol is designed to be a robust protocol against Photon-Number-Splitting (PNS) attacks, especially when weakened laser pulses are emitted instead of a single photon source. Furthermore, SARG04 and BB84 are essentially equivalent to each other in the quantum communication phase, but the variation occurs by encoding and decoding the exchanged information into the classical channel [
34].
The SARG04 protocol has a certain number of instructive differences, of which Bob must always choose the bases with a probability of
, even when Alice uses the same bases [
35,
36], [
37] (p. 4). Although the SARG04 protocol is considered a new quantum mechanism for creating a secure shared key, the BB84 protocol is still seen in the instructions of the SARG04 protocol. In other words, when Alice matches the initiated qubits with the equivalent qubits from Bob, the Quantum Bit Error Rate (QBER) increases based on the presence of the error (unlike BB84, which is satisfied by the sifting phase).
To abstract the sequential steps of the SARG04 protocol between the two legitimate parties Alice and Bob, one-way communication was applied as follows:
Step 1: Alice creates n photons that start randomly with each of the four states (; Bob should receive one of the four states.
Step 2: When the photon is sent to Bob, it is measured randomly into quantum detectors using two bases . If this measurement does not match or cannot be measured, Bob informs Alice to ignore this photon.
Step 3: Alice informs Bob about the states of photons that were chosen during the initiation period. Bob then matches outcomes using only two states. If the result was proven to be an orthogonal state to one of the set of states, the other states will already be proven. However, if the measured photons are not orthogonal, Bob should know that the measurements are not incisive. He then asks Alice to provide more specific details in the reconciliation phase.
Step 4: In the reconciliation phase, some qubits are chosen randomly to be tested and corrected by Alice, where Bob calculates the QBER. If the measurement of QBER was very high, Alice and Bob would agree to cancel the protocol and start another communication.
Step 5: In accordance with the previous step, both Alice and Bob retain only the conclusively matched qubits, which are used in a raw key. Unmatched qubits are treated during the qubit error-correction and privacy amplification phases [
38,
39,
40].
SARG04 protocol can withstand PNS attacks. Although SARG04 appears as the BB84 protocol for all manipulations at the quantum level, it differs in the error-correction phase (sifting phase), where both parties communicate using a classical channel by encoding and decoding the shared information.
2.2.3. The B92 Protocol
B92 was proposed by Bennett in 1992 [
41]. The protocol contains only two particle states, rather than four states in the BB84 protocol. The two states should be nonorthogonal, as illustrated in
Figure 4. The process of the B92 protocol is involved in the quantum phase as follows:
Step 1: Alice sends a random string of qubits (A) to Bob; where , n > N (which N is the length of final key), so if Alice sent the state that means , and if she sent state, for all .
Step 2: On the other hand, Bob creates a vector of bits (B) where , n > N, which if ; then Bob will choose the basis , and if he will choose the basis for all .
Step 3: When Bob starts measuring the upcoming qubits, each qubit is measured on a selected or basis.
Step 4: After measuring the vector of states, Bob starts completing the following rules: if the measurement of the qubit produces
or
then
, and if it produces
or
,
for all
[
42].
In general, the B92 protocol uses a non-orthogonal state to transmit information to a quantum channel. The protocol has a robust scheme with optical imperfection and detector noise, unlike the BB84 protocol. Naturally, the noise at the end of the communication can be as high as 1.6% [
43]. Moreover, the B92 protocol technically has less usage of quantum memory (if any) and quantum channel capacity.
2.2.4. The Coherent One-Way Protocol
The Coherent One-Way (COW) is a simple protocol [
44,
45], which depends on decoding the information into time slots. Alice sends coherent pulses in logic states as [
35] or decoy states. Each logical bit is encoded to either
for logical
or
for logical
by a sequence of two pulses. Furthermore, to improve the security of this protocol, Alice adds decoy sequences of
while submitting the other logical states. If the pulses submitted to the interferometer are well aligned on Bob’s side, then the received pulses will be perfectly detected on DM1 (interferometer) and there will be no detection on DM2 (detector). Therefore, the loss of coherence will be displayed on the detector when the eavesdropper tries to listen [
46].
where
is the mean photon number per pulse.
In this protocol, the transmission and reception of data depends on the time of arrival of the signal and does not depend on the polarization of the optical signals. The COW protocol works briefly as follows:
Step 1: Alice transmits a sequence of binary bits using time slots to Bob and generates both logical states of or (which has the same probability unless decoy states are added). Obtaining a probability of ½ for each of or states and adding the decoy states are calculated by (where f is the probability of decoy state generation).
Step 2: Bob exploits the time detection to generate a raw key, where all previous processes are performed by different detectors to improve the security rate in Equation (4).
where
is the probability of the
clicks at the time when
should click, as shown in
Figure 5.
Step 3: Bob declares the number of bits by simultaneous procedures between the data detector and time detection on the side.
Step 4: On monitoring the detectors, Alice ensures that the sequence of decoy states and bit sequences still exists. If not, Eve has tapped the communication. In this case, Alice breaks the coherence into two pulses to detect an interrupted state.
Step 5: Alice informs Bob about the bits that have been removed from the raw key because those bits belong to the decoy state sequence.
Step 6: The secret key is extracted after dropping the decoy sequences from the raw key using a classical process, and the shared key is obtained by error-correction and privacy amplification [
47].
This protocol, as reported in [
48], is designed to be a robust quantum protocol against reduced interference visibility and PNS attacks. The COW protocol also has simple transmissions into data lines, low losses at the measurement side, and a small QBER detection.
2.2.5. The KMB09 Protocol
This protocol was presented in 2009 [
49] by Khan, Murphy, and Beige, and is designed to be robust against PNS attacks. Khan et al. describe the protocol as being between two parties (Alice and Bob) and an eavesdropper (Eve). Both parties must use two bases
and
, where both parties should use different indices
whenever they use the same basis [
50]. Moreover, the
index is publicly declared between two legitimate parties, which can be pointed to Alice’s prepared indices as
. and Bob’s measured indices as
.
In KMB09, the authors attempted to create a protocol that could withstand PNS attacks. In addition, KMB09 was created when other protocols were used for a few kilometers, where the system error rate could exceed the eavesdropper’s presence. The protocol was optimized by using an Index Transmission Error Rate (ITER) instead of QBER during the reconciliation phase. The next steps briefly explain the KMB09 protocol as follows:
Step 1: Alice randomly generates a sequence of classical bits, and then randomly specifies an index .
Step 2: Alice sends the prepared bits in a single photon into either or basis to Bob.
Step 3: Each incoming state is measured by Bob to be randomly switched between bases and .
Step 4: Alice announces in public communication to Bob about the random sequential indices to obtain the secret key.
Step 5: Bob translates the measurement outcomes.
Step 6: Bob communicates with Alice publicly to share that the photon measurements were successfully received and obtained the secret key.
Step 7: Alice and Bob can determine whether Eve is eavesdropping on the communication as Equation (5) [
51].
where
are bases, and the state of
is Eve’s possible measurement outcomes, and it is forwarded to Bob without alteration.
The polarization of a single photon is initiated in multi-dimensional states, as shown in
Figure 6, which is based on orthogonal or non-orthogonal bases [
52].
The KMB09 protocol is designed to be used under ideal conditions, where it is impossible for Alice and Bob to have different indices while using the same basis. This protocol is more robust against any eavesdropper who tries to hide his/her presence. In addition, the strong correlation between QBER and ITER makes the eavesdropper produce a distinct signature that is easy to detect.
2.2.6. The EPR Protocol
EPR Pair Paradox was inspired by Einstein, Podolsky, and Rosen, who presented a dialectical paper in 1935 [
53]. The presented theory has led to an argument about quantum mechanics, which is not a completely physical theory. The main concept uses three states of polarization considering
, where the polarization state of the photon is linearly polarized at angle
. More precisely, the EPR is a pair of particles that can be separated even over a great distance, so that both photons show in a paradox “action at a distance” [
54].
To explain the nature of the EPR pair paradox clearly, when one photon is measured on the right side, the outcome may be a vertical linear polarization state. On the other hand, the measurement will be a state on the left side, where the measured photons will be horizontally in a linear polarization state (and vice versa). Therefore, the EPR is one of the four Bell states as Equation (6).
The EPR protocol was presented by Artur K. Ekert in 1991 [
55], which is completely based on the use of an entanglement state between two remote parties. Moreover, few modifications have been made since the first EPR protocol has become popular. Hwang et al. [
56] explained some of these modifications to the EPR protocol. The EPR process is shown in steps that demonstrate the original protocol [
9]:
Step 1: Alice creates a sequence of EPR photons (entangled qubits)
, where one photon is stored in a quantum memory and sends the other to Bob.
Step 2: Both communicators randomly choose a sequence of bases (
); these bases are used to measure the particles at each side of the communication, as shown in
Table 6.
Step 3: In public, Alice and Bob match the outcomes of their measurements and keep only the qubits that were measured on the same basis, as in
Table 7.
The remaining of EPR protocol includes decisions made by communicating parties. The public channel will be the next choice to ignore any errors while exchanging qubits through the quantum channel. Therefore, classical communication is analogous to the reconciliation phase of the BB84 protocol.
2.2.7. The S09 Protocol
S09 protocol was presented by Esteban and Serna in 2012; this protocol has a different technique compared to the previous protocols. S09 relies on public-private key cryptography, and the main process of the S09 is based on exchanging a qubit multiple times to build a secret key between Alice and Bob. However, the S09 protocol transfers the qubit into any arbitrary state that is agreed on between Alice and Bob only through the quantum channel. The sequences of the S09 protocol are briefly explained as follows.
Step 1: Generate a bit by Alice that would be in element of a secret base to create a qubit , which in turn is sent to Bob with a quantum channel.
Step 2: Bob applies to qubit on the other side, which is only recognized by Bob. Thus, he can send the outcome of the qubit to Alice.
Step 3: When Alice receives the qubit, it is measured in the base
and includes bit j, where the qubit must be in a pure state
by the operator density [
50]:
where the interaction of the qubits
with the environment produces:
where
is an operator that acts in the space of a qubit. Subsequently, these operators convey the state of qubit
in the overlap.
Step 4: After a complex operation, parity bits are appended by the operators ().
Step 5: The previous step is attached to the distribution of the sent addresses or hashed values.
In addition, with the approach of this protocol, Eve can obtain nothing from her eavesdropping, since and transformations can be changed as frequently as needed. On the other hand, the S09 protocol has a complex exchange process that makes operating the protocol inefficient.
2.2.8. The S13 Protocol
S13 is a quantum key distribution protocol developed by Serna in 2013 [
57]. This protocol corresponds to the BB84 protocol in quantum procedures but differs in the classical channel. S13 was designed for implementation in current system devices, without the need for modifications.
Furthermore, S13 has the same quantum communication phase as BB84; however, this will be overlooked in this section because it is already explained in
Section 2.2.1. The second phase of the S13 protocol is explained as follows:
Quantum part
- -
Raw key exchange: (as shown in the BB84 protocol).
- -
Random seed: one of the communicating parties creates a random binary string
- -
Missing key exchange:
Alice makes a summation of the random binary string with the binary basis from the first part and obtains a binary basis . Alice then randomly generates another string of binary , where this is an exchanged key with Bob.
Bob sums each of the sequences sent to him by Alice with the created binary string , where . Thus, the sum becomes a binary string basis . Next, Bob measures the received state , with the correspondence of the basis to generate .
Classical part
Alice and Bob apply function
to different binary exchanges in a set of binary strings:
Asymmetric cryptography:
Step 1: Alice sums the binary string created by her in quantum part
with a random string of binary values that were created by missing the key exchange
.
where
will be sent to Bob.
Step 2: To obtain the public key, Bob encrypts:
Step 3: Alice makes a summation to obtain the private string of
, which is:
and then decrypts the string
.
Private Reconciliation:
Step 4: Bob receives the binary sequence
after completing the comparison between and by Alice.
Step 5: Bob sums the sequence of bases with , where .
This is to obtain the private string
.
Bob then obtains the private string from Alice .
Finally, the S13 protocol is designed to be functional with existing devices, especially in the exchange phase after a qubit transmission. Several exchanges in the public channel will lead to a waste of time, as well as a chance for an eavesdropper to tap data. Furthermore, S13 is an improvement of the S09 protocol, which was ranked as a complex QKD protocol.
2.2.9. The Differential-Phase-Shift Protocol
The Differential-Phase-Shift (DPS) protocol was developed in 2002 by Inoue et al. [
48]. The DPS protocol is based on four fully non-orthogonal states, in which Alice’s photon splits into three pulses and it is randomly modulated. On the other hand, Bob measures the incoming photons from Alice with a differential phase measurement. As mentioned in [
58], the DPS protocol is more suitable for fiber-optic transmission and provides a higher effective shared key than the BB84 protocol. Additionally, the DPS protocol has specific advantageous features that are included in a simple configuration, accurate time usage, and robustness again PNS attacks [
59].
Technically, the DPS is used to create a secret key between two parties, and it starts at Alice’s side when the single photon is divided into three paths (a, b, and c) and then recombined them using a beam splitter (BS) or optical switcher (SW), as shown in
Figure 7. Moreover, the time delay (between a, b and b, c) is equal, so that the recombined photon is converted to each of
. The incoming photons from Alice to Bob are divided into two paths and recombined using (50:50) beam splitters. The entire expected scenario of the DPS protocol is performed in the following sequential steps.
Step 1: At Alice’s side, a photon is sent from (a) to the short path on Bob’s side.
Step 2: Another photon is pushed through (a) to the long path on Bob’s side and through (b) to the short path.
Step 3: A photon is pushed through (b) to the long path on Bob’s side, and (c) to the short path.
Step 4: Another photon is pushed through (c) to the long path on Bob’s side.
In the first part of processing DPS, two probabilities overlap in steps (2) and (3), where the phase difference is
which depends on Alice’s modulation. Moreover, each detector clicks on (0) and the other clicks on
phase difference. Finally, when Bob’s detectors click, Bob records the time and knows which detector clicks. During the classical two-way communication, Alice knows which one clicks at Bob’s detector [
48,
58].