As recent disclosures have reminded us, security is not a simple matter. Most will tell you that the weak link in the chain is us: we simply don't use good security habits. But we're only one part of a number of issues. Although passwords are weaker than they should be, a strong password used on a weak system won't be much help. There is still a lot of necessary work being done to ensure that communication between parties is strongly encrypted.

One option that has received waves of attention over the last ten years is quantum key distribution (QKD). Despite its promise of absolute security, QKD has many practical difficulties that have limited it to niche applications. Now, in a nice bit of work, researchers have shown how to implement QKD for handheld devices.

A quick recap of QKD

Light has a property called polarization, which is measured with respect to a reference frame. So, for instance, horizontally polarized light has its electric field aligned with the ground, while vertically polarized light has its electric field aligned perpendicular to the ground. In between, we can have diagonal and anti-diagonal polarized light.

But the location of the ground is arbitrary. So the description of polarization consists of not just the measurement of the polarization, but also agreeing on a common frame of reference (called a basis set). It is these two factors that give QKD its security. (QKD can also use other properties of light, but polarization is the simplest to describe.)

To generate a key, Bob makes two choices: he chooses between two reference frames, and he chooses between two polarization states within a reference frame. After making that choice, he sends a single photon to Alice in one of four polarization states (two reference frames and two polarization states per reference frame). Alice does not know any of Bob's choices, so she chooses a reference frame at random, measures the polarization, and notes the result. If Alice and Bob choose different reference frames, then the result of Alice's measurement is entirely random. But if they choose the same reference frame, then the result of Alice's measurement is not random, and Bob knows what her result should be.

After sending a long string of photons, Bob and Alice both have two lists: each has a list of reference frames, Alice has a list of measurement results, and Bob has a list of sent states. They share their list of reference frames. Where they both happened to choose the same reference frame, Alice will accurately measure the photon Bob sent. That means they can share the list of reference frames in an insecure manner and use that to choose the common entries.

Ideally, they should agree half of the time. If someone chooses to interfere by intercepting and resending single photons, that can be detected by examining the statistics of the measurement and seeing if this isn't the case. Hence, the key-generation process gives away the presence of an eavesdropper.
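The exchange described above can be simulated classically to see both statistics at once: the fraction of photons that survive the reference-frame comparison, and the error rate an intercept-and-resend eavesdropper leaves in those surviving bits. This is an added example, not code from the article or the paper; the function names, the frame labels, and the 10 percent alarm threshold are assumptions made for illustration, and the comparison uses every kept bit where a real system would compare only a sample.

```python
import random

FRAMES = ("rectilinear", "diagonal")  # the two reference frames (labels assumed)

def measure(bit, prepared_frame, measured_frame, rng):
    """Same frame: the prepared bit comes out. Different frame: a coin flip."""
    return bit if prepared_frame == measured_frame else rng.randrange(2)

def run_key_exchange(n_photons, eavesdrop, seed):
    """Return (fraction of photons kept after sifting, error rate in kept bits)."""
    rng = random.Random(seed)
    kept = errors = 0
    for _ in range(n_photons):
        # Bob is the sender in this article: he picks a frame and a state in it.
        bob_frame, bob_bit = rng.choice(FRAMES), rng.randrange(2)
        frame_in_flight, bit_in_flight = bob_frame, bob_bit
        if eavesdrop:
            # Intercept and resend: the eavesdropper must guess a frame, and
            # the photon she resends is prepared in her frame, not Bob's.
            eve_frame = rng.choice(FRAMES)
            bit_in_flight = measure(bit_in_flight, frame_in_flight, eve_frame, rng)
            frame_in_flight = eve_frame
        alice_frame = rng.choice(FRAMES)
        alice_bit = measure(bit_in_flight, frame_in_flight, alice_frame, rng)
        # Sifting: only the frame lists are shared, never the bits themselves.
        if alice_frame == bob_frame:
            kept += 1
            errors += alice_bit != bob_bit
    return kept / n_photons, (errors / kept if kept else 0.0)

def eavesdropper_suspected(error_rate, threshold=0.10):
    """Illustrative alarm: threshold is a constructed value for this example."""
    return error_rate > threshold

if __name__ == "__main__":
    for eve in (False, True):
        kept, qber = run_key_exchange(20000, eavesdrop=eve, seed=1)
        print(f"eavesdropper={eve}: kept {kept:.2f} of photons, "
              f"error rate {qber:.3f}, alarm={eavesdropper_suspected(qber)}")
```

Without interception the kept bits agree exactly; with interception roughly one kept bit in four disagrees, because the eavesdropper guesses the wrong frame half the time and each wrong guess randomizes Alice's result.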

The devil: It loves details

A while ago, I wrote about how fiber optic cables mess up the polarization state. For QKD, the implications are not pretty. Every bit of stress (due to bending) and every temperature variation along the fiber cause havoc. Even a custom polarization-preserving fiber does not, in fact, preserve polarization. Or, to be accurate, polarization-preserving fibers preserve exactly two polarization states, which I will call horizontal and vertical for convenience.

But the QKD scheme described above needs four states. So, if most of the states are continuously mangled by the intervening fiber, what can you do?

To understand what can be done, you need to look at the QKD hardware. At the server end, you have a normal laser that sends light pulses (not single photons) down a polarization-preserving fiber (in one of the states that it preserves) to the client. The client reduces the light intensity until the light pulse has only a single photon. Then it chooses randomly one of six polarization states (three reference frames, two polarization states per reference frame) and sets the photon to that state. Of those states, two are preserved, while the remaining four are not. These four states are the two diagonal states and left and right circular polarized light (see the technopaedia article). After the photon's polarization is set, it is sent back to the server.

At the client, one of the three reference frames is chosen at random and a measurement is made. Afterward, as before, the lists of reference frame choices are shared, and the key is derived from the measurements where both the server and the client chose the preserved reference frame.

Now, ordinarily, this would not work because four of the six polarization states are mangled by the fiber. With these behaving randomly, an eavesdropper would be able to perform a man-in-the-middle attack without being detected. But the choice of those particular polarization states is important, because they do not behave entirely randomly—the fiber modifies them in a correlated way. Specifically, the diagonal and right circular states are correlated. A photon sent as right circular polarized might be detected as diagonal, while the reverse happens to a diagonal photon: it is detected as right circular polarized.

If an eavesdropper starts making measurements, the correlation between these two unpreserved states is reduced, warning the users, who can cease transmission. Knowing this, the preserved states can be used to communicate the key, provided there is no eavesdropper.
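The correlation check described above can be worked through with expectation values on the Bloch sphere. This is an added example, not code from the article or the paper, and it rests on three assumptions: the fiber is modeled as an unknown rotation about the preserved (horizontal/vertical) axis, the check statistic is the sum of squared correlations commonly used in reference-frame-independent QKD, and the interceptor measures before the fiber in one of the three frames chosen uniformly.

```python
import math

# Bloch-sphere axes: X = diagonal frame, Y = circular frame,
# Z = horizontal/vertical frame (the one the fiber preserves).
X, Y, Z = (1.0, 0.0, 0.0), (0.0, 1.0, 0.0), (0.0, 0.0, 1.0)

def dot(u, v):
    return sum(a * b for a, b in zip(u, v))

def fiber(v, beta):
    """Assumed fiber model: rotate by an unknown angle beta about Z."""
    c, s = math.cos(beta), math.sin(beta)
    return (c * v[0] - s * v[1], s * v[0] + c * v[1], v[2])

def correlation(sent_axis, meas_axis, beta, intercepted=False):
    """Expected product of the client's bit and the server's result (each ±1)."""
    if not intercepted:
        return dot(meas_axis, fiber(sent_axis, beta))
    # Intercept and resend: measuring along a guessed axis e keeps only the
    # component of the sent state along e, and the resent photon lies along e.
    return sum(dot(e, sent_axis) * dot(meas_axis, fiber(e, beta))
               for e in (X, Y, Z)) / 3

def unpreserved_correlation(beta, intercepted=False):
    """Sum of squared correlations over the diagonal and circular frames."""
    return sum(correlation(a, m, beta, intercepted) ** 2
               for a in (X, Y) for m in (X, Y))

def key_error_rate(beta, intercepted=False):
    """Error rate in the preserved frame, which carries the key."""
    return (1 - correlation(Z, Z, beta, intercepted)) / 2

if __name__ == "__main__":
    for beta in (0.0, 0.7, math.pi / 2):
        print(f"beta={beta:.2f}  diag->diag={correlation(X, X, beta):+.2f}  "
              f"diag->circ={correlation(X, Y, beta):+.2f}  "
              f"clean={unpreserved_correlation(beta):.3f}  "
              f"intercepted={unpreserved_correlation(beta, True):.3f}")
```

Each individual correlation drifts with the fiber angle, but the combined statistic stays at 2 on a clean link and falls to 2/9 under this interception model, so the check does not depend on knowing how the fiber has rotated the states.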

The great thing about this is that the client is very simple, consisting of just an attenuator, a device to set the polarization, and a computer, all of which could fit in a package about the size of a mobile phone. Unfortunately, this is still a point-to-point device that needs fiber between the points, which most phones don't have. Still, as long as you are within a few kilometers of the server, you could connect and establish a secret key.

I am not unhappy with this progress. There have been ideas about distributing keys over longer distances, meaning that this could be the cheap endpoint to a long chain of expensive servers.

Physical Review Letters, DOI: 10.1103/PhysRevLett.112.130501