ABSTRACT:
Modern communication in absolute secrecy requires creation of new
intrinsically secure quantum communication channels. It is particularly
necessary during the first connection between two parties establishing
then in assumed unconditional security the secret cryptographic key
which is supposed to be used afterwards during normal information
exchanging. This new
emerging field of quantum information technology is based on a new type of light sources, in which numbers of emitted photons can be carefully controlled. Especially advantageous are sources of single photons emitted at strictly predetermined moments,
so called single-photon devices. Then any possible eavesdropper activity will be followed by some unavoidable disturbance which alerts both communication parties to an event. In the present paper, the Purcell effect associated with enhancement of spontaneous emission coupled to a resonator is explained, methods used to produce streams of ant bunched photons are given, mechanisms applied to control carrier injection into quantum dots are shown and some possible designs of single-photon devices are presented and described. These devices are based on taking advantage of both the Purcell effect and the atom-like energy spectrum of quantum dots. At the cutting edge of technology, quantum cryptography guarantees absolute confidentiality for information exchanged via an optic fibre. The secret of this ability lies in the possibility of storing information in the elementary constituent of light: the photon. CONTENTS Page No. • INTRODUCTION 2 • QUANTUM CRYPTOGRAPHY 3 • STREAMS OF ANTIBUNCHED PHOTONS 4 • CONTROL OF THE CARRIER INJECTION 5 • DESIGNS OF SINGLE-PHOTON DEVICES 6 • AN INFALLIBLE PROTOCOL 7 • SECURITY BASED QUANTUM MECHANICS 8 • TECHNOLOGICAL DEVELOPMENTS 8 • CONCLUSION 9 1. INTRODUCTION: How can we communicate secret messages and be sure that they are not read by an undesirable third person? Cryptography is the discipline that tries to answer this question. In traditional cryptography, only the Vernam cipher permits the establishment of an unconditionally secure channel between a sender (Alice) and a receiver (Bob). This method requires Alice and Bob both to agree on a secret key, which is determined beforehand. Alice encodes the message using this key, and the encoded message cannot then be decoded, except by using the same key, i.e., by Bob. The rule for encoding is simple. Suppose that Alice wants to transmit one bit of information. For this she uses one bit of the key, performing an ”exclusive-or” operation with the bit to be transmitted. Bob, on his part, can redo the same operation, which cancels out the first ”exclusive-or”, to decode the transmitted bit. Unfortunately, the Vernam cipher suffers from a major inconvenience. For the method to remain unbreakable, the key must consist of as many secret bits as the message to be transmitted, since the key can only be used once. Using a key more than once causes the Vernam cipher to lose its property of being unbreakable and allows a fairly easy cryptanalysis after successive transmissions. Strictly speaking, the secret key must originally be exchanged from hand to hand by Alice and Bob. This means that if one wants to transmit a gigabit of secret information, Alice and Bob must meet to exchange, for example, a CD-ROM containing a billion random bits. This procedure is not practical because it imposes that Alice and Bob must meet, even if they then want to communicate at a distance of 10 000 km. Mathematicians have therefore developed other cryptographic methods, looking to rectify these difficulties. The first difference between the Vernam cipher and current methods of encoding consists in replacing the simple”exclusive-or” operation by a much more complicated operation between the key and the plaintext message. Using these methods, it is practically infeasible to recover the plaintext from the encoded message, or even to recover the key from the plaintext together with corresponding encoded message, even if the key is much smaller than the message to be sent. This is the case, for example, with the DES block cipher , or the more recent Belgian Rijndael algorithm, chosen to be the new AES standard . Thanks to these algorithms, Alice and Bob can now exchange a small key, which is useful for encoding big messages. The price to be paid for this advantage is that absolute security is lost, and an assumption must be adopted. In theory, it is now possible to recover the plaintext message from the encoded message, but doing this is sufficiently difficult that we can suppose that the enemy does not have the computational resources to do it. In practice, this assumption is realistic. A hacker will find it much easier; in general, to exploit the weaknesses of an information processing system itself than to perform the necessary calculations to break the algorithm, even if in possession of today’s most powerful computers. Nevertheless, nothing says that in the long term, developments in mathematics or information theory will not make feasible the extraction of the plaintext message from the encoded message. The second improvement of modern cryptography is the introduction of public key cryptography, allowing Alice and Bob to exchange secret messages without meeting beforehand to exchange a key. In public key cryptosystems, widely used these days, each correspondent possesses two keys. One key is public and known to all (for example, it may be published in a directory) and only permits the encoding of a message, not the decoding. The second key, on the other hand, is private, and only permits decoding. To send a message from Alice to Bob, the procedure is as follows. If she hasn’t already done this, Alice procures Bob’s public key (from a public database, or perhaps she simply asks Bob for it). Then, Alice uses Bob’s public key to encode her confidential message and sends the encoded information to Bob. Bob is the only person in possession of the corresponding private key, and thus the only person able to decode the message which Alice has just sent him. In this scheme, the essential idea is that encoding is public, in the sense that anyone can send an encrypted message to Bob, but that decoding requires knowledge of the private key. Again, the practical advantages of public key cryptography should be weighed against the loss of security that is introduced (compared with the Vernam cipher). A connection exists between the public key and the corresponding private key, and it is therefore possible in theory to recover the one from the other. Nevertheless, it is fortunately very difficult to carry out this operation within the limits of current mathematical knowledge and the power of contemporary computers. In order to demonstrate these ideas, let us take the example of the Rivest-Shamir-Adleman (RSA) algorithm, which can be used as the basis of a public key cryptosystem . In this system, the private key can be deduced from the public key if one is able to factorize numbers larger than a certain number of digits, which is currently very difficult. In fact, while it is easy to multiply two large prime numbers together, recovering them from the product is much more difficult. Unfortunately, advances in factorizations always raise the bar for cryptographers, who must use keys, and thus numbers to factorize, that are larger and larger. In addition, if a mathematician one day discovers an algorithm enabling the rapid factorization of large numbers, he will be able to decode all messages encoded with RSA without anyone knowing it, since he has access to all the public keys. This danger is all the greater since physicists have devised a new method of doing calculations, using a quantum computer. This new generation of computers, still at an essentially theoretical stage, has the property of being able to solve rapidly certain problems that are believed to be difficult with traditional information theoretic techniques. Thus Peter Shor has discovered a quantum algorithm (that is an algorithm that runs on a quantum computer) allowing the factorization of large numbers in a reasonable time. It seems, therefore, that many dangers are present for the long term security of current cryptographic techniques. Classical cryptography, while popular and currently offering a level of security that is largely sufficient, gives no long term guarantee of the messages it is used to protect. This is why we want to present here an alternative manner of securing the confidentiality of a message, without relying on technological assumptions, or complexity assumptions (i.e., assumptions about the speed with which a certain mathematical operation can be carried out using the computers of today). 2. QUANTUM CRYPTOGRAPHY: Are we then condemned to exchange, by hand and in advance, megabits of secret keys in order to guarantee absolute security? From the point of view of the most fundamental laws of physics known today, there is another possibility. Quantum physics, describing the individual dynamics of each elementary particle (photons, electrons,. . . ) that makes up our universe can offset this difficulty and allows the construction of communication protocols with no security weaknesses. This is the aim of quantum cryptography. Quantum cryptography was born around 20 years ago when two researchers, Charles Bennett and Gilles Brassard , had the idea of using quantum physics for transmitting confidential messages. The transmission is achieved using individual photons (”quanta” of light) sent from a sender (Alice) to a receiver (Bob) via an optic fiber. A theorem known as the ”no-cloning theorem ” prevents a third party (Eve) from being able to decode the information transmitted. Indeed it can be shown that if one does not have in advance a precise characterization of the quantum state describing the light, and in particular of the state of the photon, then it is impossible to reproduce the state, that is to make a clone. In fact, the simple act of observing a photon, in order to determine its state, disturbs it in such a way that afterwards, one cannot return it to its initial state, or produce a clone. The no-cloning theorem is bad news for anyone wanting to determine completely the quantum state of a photon. On the other hand, it can be seen as positive from the point of view of cryptography. Eve, who wants to read the secret information without being detected, needs to copy the quantum state of the photon. Since this is impossible, Fig. 1. A single photon impinging upon a filter that only allows vertically polarized light to pass. (a) Vertically polarized photons pass through the filter without being absorbed. (b) Horizontally polarized photons are all absorbed. (c) Diagonally polarized photons are absorbed or transmitted at random. An observer placed after the filter cannot, therefore, determine in a deterministic manner the state of the photon before the filter, in contrast with the vertical-horizontal case. She must at least determine the quantum state of the photon. But by attempting to do this, she introduces disturbances, and can therefore be detected by Alice and Bob. The essential goal, then, is for Alice and Bob to exchange a secret key with the assurance that any attempt at eavesdropping by a third party will be detected. If this secret key is correctly transmitted, then Alice and Bob can use it with the Vernam cipher method described above, thus obtaining a cryptosystem that is unconditionally secure even at a distance. Beginning with the idea of no-cloning, researchers have described a communication protocol that uses the polarization of photons to encode the bits that will be the secret key. Photons possess two states of polarization that can be distinguished using a polarizing filter (such as a calcite crystal, for example). Like this, vertically polarized light will pass through a filter oriented in the same sense, while horizontally polarized light will not pass, but will be absorbed by the filter. If now the light is diagonally polarized at 450, only half of the light intensity will pass. What happens if we only allow a single photon at a time, diagonally polarized, to impinge upon the filter? Clearly the photon cannot be divided into two, since it is the indivisible building block of light. Experiment shows that, as predicted by quantum theory, half of the time the photon will pass through the filter, and half of the time it will be absorbed. 3. STREAMS OF ANTIBUNCHED PHOTONS: Light generation in standard diode lasers and light-emitting diodes can be described with classical Maxwell’s equations. Then photons emitted by such classical light sources follow Poisson statistics, which means that their emission events are not correlated with one another. Secure quantum communication channels require, however, weak optical sources with strong quantum correlations between single photons, which may be realized with the aid of the fundamental principles of quantum mechanics. Then, a regulated photon stream pulses containing one and only one identical photon each in a given time interval is emitted. Such an anti bunched source of identical photons is useful in the new field of quantum cryptography, because, using it in the quantum communication channel, information exchanged by both authorized parties cannot be gathered unnoticeably by an eavesdropper. Stream of anti bunched photons was first observed from single atoms and ions in traps excited by a laser. The most promising realization of such a generation is, however, connected with an atom-like structure of quantum dots (QDs) and their strong confinement of electrons and holes. Most importantly, quantum dots can be conveniently integrated in high-Q micro cavities that improve the collection efficiency of the single photon train emitted by the dot. Moreover, QD may also emit two correlated (entangled) photons when two electron-hole pairs are injected into it and the bi-exciton state is created. For a large-scale implementation of secure telecommunication systems based on quantum cryptography, it is crucial to produce room-temperature operating electrically driven compact sources of single photons. It may be realized, for example, by an integration of a single QD in a light-emitting diode with a distributed-Bragg-reflector micro cavity, whose fundamental mode should be on resonance with the QD photons. Thus, QD light-emitting diodes may provide attractive sources of single photons for secure quantum communication channels. The most crucial problem is associated with an efficient injection of single carriers into a single quantum dot, which will be analyzed in Section 4. Possible photon anti bunching can be experimentally detected with the aid of measuring the joint probability of an arrival of one photon at the time t and another one at the time t + T It is described by the normalised second order intensity correlation function g(2)( ). Where I1 and I2 are the emission intensities detected by two single-photon counting detectors, so in this experimental setup the time interval between two successive photons is measured. For perfectly single-photon devices, g(2)( ). In fact, in real devices, measurements of g(2)( ) indicate a distinct dip at zero time delay, which means that after an emission of the first photon a single-photon device needs some time to be excited again which is necessary to emit a next photon. 4. CONTROL OF THE CARRIER INJECTION: In order to obtain emission of single photons, single electron- hole pairs should be carefully injected into their recombination regions. It is possible, for example, in a hetero structure proposed by Imamoðlu and Yamamoto. Its band model is shown in Fig. 1. Assuming the junction voltage Vj well below the built-in potential Vb Where kB is the Boltzmann constant and T stands for temperature, the carrier injection into the recombination quantum well (or quantum dot) takes place by successive resonant tunneling of electrons and holes into the QW (QD) which is followed by their radioactive recombination. The electron resonant tunneling is allowed [see Fig. 1(a)] when its quasi-Fermi energy Fe is higher than the first electron energy level Ee in the quantum well (QD) Fig. 1. Band structure of the first single-photon device proposed by Imamoðlu and Yamamoto. Notation used is explained in the text. Whereas analogous hole resonant tunneling may take place where its quasi-Fermi energy Fh is lower than the first hole energy level Eh [Fig. 1(b)] Where Ec and Ev stand for the conduction-band and the valence- band edges, respectively. In the analysis, electrostatic interactions connected with a presence of the electron We or the hole Wh are taken into account where Cn and Cp are the capacitances of the n-part and the p-part, respectively, of the QW (QD) surrounding. Successive electron and hole resonant tunneling events into the recombination QW (or QD) may be carefully controlled with the proper applied junction voltage Vj(t) = V0 + v(t), Where v(t) is in a form of square pulses: v(t) = 0 for the electron injection and v(t) = _V for the hole injection. V0 and _V should be properly chosen to enable fulfilling the conditions of Eqs. (4) and (5), respectively. Then, during the first part of the cycle, when v(t) = 0, the single electron resonant tunneling is enhanced. Next the hole injection takes place, when v(t) = _V. A possible second tunneling event of a carrier of the same kind is blocked by the Coulomb blockade. Therefore within one cycle, a single electron and a single hole are injected into the QW (QD) which is followed by their recombination. If this hetero structure is properly coupled with a resonator, then single photons generated in its QW (QD) are spontaneously emitted into a resonator mode. This idea has been used in a first experimental demonstration of a single photon turnstile device using a micro post QW hetero structure. Unfortunately, until now this approach has been limited to extremely low temperatures (< 0.1 K,) because of relatively small Coulomb splitting and broadening with temperature of energy distributions of electrons and holes in layers from which a careful carrier injection into the QW (QD) is supposed to take place. The above temperature limit may be considerably increased when, to control the carrier injection, the Pauli Exclusion Principle is used instead of the previous Coulomb blockade. In a QD device proposed by Benson et al., first two electrons are injected into QD, which is followed by an analogous injection of two holes. Because of the Pauli exclusion principle, next electron or hole tunneling events are suppressed since both electron and hole ground states are already filled with a pair of carriers of opposite spins. At first, they will occupy ordinary single-particle states, but because of strong electrostatic interactions between the carriers, they finally create a biexciton state. During one modulation cycle, a biexciton is created, so an entangled pair of photons may be emitted. To receive only one photon, two methods may be applied. One of them is associated with different circular polarizations of both photons. The second one is associated with an additional bi exciton binding energy. Hence, during a recombination of the first electron-hole pair, a photon of slightly lower energy is emitted than during the second ‘exciton’ recombination. So, both photons may be spectrally separated. It may be done with the aid of a precise adjustment of the ‘exciton’ photon to the energy of the resonant high-Q cavity mode. Then the spontaneous emission of these photons is enhanced thank to the Purcell effect whereas the ‘biexciton’ photons cannot be efficiently coupled to this mode. As a result, only the last photon, the ‘exciton’ photon of well defined frequency, is emitted by the device during each excitation cycle. Permissible operation temperature of the device taking advantage of the Pauli Exclusion Principle is much higher than that of the previous one because the small Coulomb splitting is now replaced by much larger splitting between ground and excited states of the carriers in both allowed bands. This difference depends on the QD size and, in devices with smaller QDs, their operation at temperatures up to 50 K is possible. Small enough QDs may even have only one electron and one-hole states. So, there is still a room for improvement. 5. POSSIBLE DESIGNS OF SINGLE-PHOTON DEVICES: A complete QD single-photon device is composed of the single QD active region properly coupled with a micro resonator. Strictly speaking, the QD should be placed exactly in the antinode position of the selected resonant-mode standing wave to optimize the coupling. Only such a QD, which is both well matched spectrally with the resonant cavity mode and located close to its antinode, experiences a strong enhancement of its spontaneous emission rate. There are various resonator structures used in QD single- photon devices. Its simplest version is probably the micro post (or micro pillar) cavity shown schematically in Fig. 2(a). The Purcell enhancement factor FP, Eq. (1), is inversely proportional to the mode volume, therefore diameters of resonator pillars are rather small (even < 0.5 µm) and additionally their tapering shape is sometimes produced by etching with a minimal cross-section close to the active region. The cross-sectional areas of the active region as low as only 0.04 µm2 were achieved. The spontaneous emission lifetime has been found to be decreased from 1.3 ns to 250–280 ps by coupling to a micro pillar cavity. For a typical 1-m micro pillar, quality factor Q as high as 2250 has been reported, which corresponds to the Purcell enhancement factor FP as large as 32. Robert et al. have proposed elliptical cross-section micro pillars to obtain single photons of exactly the same polarization. The above micro post cavity may be modified in a way shown in Fig. 2(b) to produce the micro disk cavity. It supports a series of whispering gallery modes. The modes are tightly confined by total internal reflections at the lateral edge of the disk, so resonators of very high quality factors Q are available. Routinely Q values as high as over 10 000 are obtained which corresponds to the Purcell factor of the order of 125. Therefore micro disks appear excellent candidates for possible single-photon devices which are expected to operate at temperature range easily extended to 77 K. Room-temperature operation is believed to be achieved by using QDs with higher confinement potential to avoid non-radiative recombination in barriers. Still another single-photon device has been proposed by Yuan et al. It is a p-i-n diode [Fig. 2(c)] with a layer containing QDs. To confine the emission area to just one QD, special opaque metal layer is formed on the device surface with a small aperture just over the chosen QD. Fig. 2. Schematic structures of QD single-photon devices: (a) with a micro post (micro pillar) cavity, (b) with a micro disk cavity, (c) with a DBR cavity of a p-i-n diode, (d) with a micro sphere cavity. All the above QD designs of single-photon sources are compact semiconductor devices. But emission of single photons may be also achieved in more complex structures, e.g., in a sample containing an isolated QD coupled with a glass micro sphere cavity [Fig. 2(d)]. Such a sphere may be produced by melting the tip of an optical fiber with a CO2 laser. Its quality factor Q may be extremely high (even as high as 3×109,). Extremely-low threshold semiconductor laser based on this structure was proposed by Pelton and Yamamoto. 6. AN INFALLIBLE PROTOCOL: If Alice limits herself to encoding secret bits in the two polarization states, vertical and horizontal, then Bob is able to read these bits by distinguishing the polarization of each photon using a filter. But then Eve is able to intercept the communication without being detected. It suffices for her to read the bits in the same manner as Bob, and then to encode once more the bits in the same manner as Alice, in the polarization states of photons which she sends on to Bob. However, suppose that Alice uses a strategy in which she encodes bits half of the time in photons that are polarized either horizontally or vertically, and half of the time in photons polarized diagonally at 450 and 1350. In this case, Eve would need to distinguish between four distinct polarization states. But a polarizing filter can only distinguish between states of polarization along two orthogonal axes, and according to the principles of quantum mechanics, no device can exist that could distinguish one out of the four polarization states. This impossibility is an illustration of the famous no cloning theorem. If such a polarizer existed, we could characterize the polarization state of the photon in a non-ambiguous manner and create as many clones as necessary in the same state. Like this, Eve could keep a copy for herself and send another to Bob, all without being detected. Given the no-cloning theorem, however, the best she can do is to orient her polarizer at random in the vertical or diagonal sense, which will inevitably introduce errors and disturb the communication. What is true for Eve is also inevitably true for Bob, who must also choose the axis in which to measure the polarization. In order to exchange secret bits in this scenario, Bob must therefore communicate publicly to Alice the axis of polarization in which he performed his measurement. Then, Alice compares the axis in which she sent each bit with the axis chosen by Bob. If they correspond, Alice lets Bob know publicly, and a secret bit has thus been established; if not the bit must simply be rejected, as there is no correspondence. Any intervention by Eve will always end up introducing errors in the bits shared by Alice and Bob. Suppose, for example, that Eve measures a photon in the diagonal basis, while Alice had sent the photon with vertical polarization. Eve sends a photon on to Bob with the polarization that she measured. If Bob measures horizontal polarization, then although Alice’s and Bob’s measurement axes correspond, they will obtain different values for the secret bit. To detect the presence of Eve, it suffices therefore to sacrifice a small number of the large number of bits exchanged. This small fraction of the total number of bits is exchanged publicly between Alice and Bob in order to verify the rate of error of the communication. If this rate, which will also inevitably include errors due to technical imperfections, is abnormally high then this indicates that the communication has been intercepted. 7. GOODNESS OF SECURITY BASED QUANTUM MECHANICS: In this protocol, the security is based, amongst other things, on the non-existence of a polarizing filter that allows four polarization states to be distinguished. How can we believe this? Should we trust physicists? Quantum theory allows us to understand, in the most precise manner to date, all known physical phenomena. It describes equally well microscopic phenomena, from elementary particles to atoms, and macroscopic phenomena, which follow from the collective dynamics of these same particles and atoms. And if this theory’s century of existence, during which it has never been at fault, is not sufficient to convince the reader, can we not imagine that a ghostly, perhaps invisible, man can look inside the computers of others? Quantum theory does not predict these eventualities, nor can other malevolent demons exist. In other words to believe in the reality of the world that surrounds us is also to believe in the predictions of quantum physics. 8. CURRENT TECHNOLOGICAL DEVELOPMENTS: Based on the same fundamental principle, numerous laboratories have been able to realize experimentally quantum cryptographic protocols. An optic cable from an ordinary telephone network has been used to transport confidential quantum information over 20 km, under Lake L´eman. Without going into details, the system uses optical interferometer rather than the polarization of light for transmitting information. However, the apparatus, while perfectly operational, still presents some problems. The first problem is that, due to signal losses in the optic fibre, the transmission can only take place over a relatively short distance, limiting the possible applications to communications within, say, a large town. This problem is the object of a theoretical investigation, and while some progress has been made by researchers, it has not been entirely resolved. The second problem is that experimental production of single photon pulses, as well as their detection, is still imperfect. Perfect control over the dynamics of a photon, from its creation until its detection, would allow a higher rate of transmission of secret bits. Obviously, research and development in these areas are proceeding constantly and the results will be commercially viable in a relatively short time. Many other improvements to quantum cryptography are currently being studied, both at the Universit´e Libre de Bruxelles, in the Service Th´eorie de l’Information et des Communications, and elsewhere. Several ongoing research projects, in collaboration with the Service Optique et Acoustique and the Service Physique Th´eorique, aim to improve the rate at which secret bits are exchanged, or the range of cryptographic apparatus by using alphabets larger than the binary one. Other theoretical projects, involving collaboration with other European universities, concentrate on the possibility of using beams of light that are more intense (i.e., have more photons), but which keep the quantum characteristics allowing quantum cryptography, in order to bypass the problems associated with single photon techniques. These possibilities involve so called”coherent” and”squeezed” states of light. 9. QUANTUM CRYPTOGRAPHY: AN INTERDISCIPLINARY SUBJECT As one can see, quantum cryptography gathers together a multitude of disciplines. One finds very abstract questions of mathematics and of fundamental physics that bear on quantum mechanics, questions of how to improve the performance of the necessary optical instruments (lasers, detectors, and optical fibres), and questions of how to adapt the results to industrial ends, not to mention the ethical questions posed by the issue of confidentiality in today’s world. In short, it is a contemporary field that covers a very large range of disciplines, from fundamental physics to industrial applications. The results of this research should improve the security of our confidential transmissions, all the more important in the light of online commerce and financial transactions. 10. CONCLUSION: An optical device emitting a train of pulses that contain one and only one photon (i.e. a single-photon device) is an essential element of secure key distribution in quantum cryptography. Then an eavesdropper cannot capture information about the secret key without being noticed because such an event unavoidably modifies the state of a single quantum system. In this way, the quantum cryptography exploits the fundamental principles of quantum mechanics to provide unconditional security for communication. According to Gerard and Gayral, three conditions should be fulfilled in order to get an efficient single-photon device. First of all, the carrier transport and recombination phenomena should ensure generation of single photons. They should be on resonance (high _, close to one) with a single high-Q mode of a coupled cavity. Besides, to avoid non radiative emission, the photon emission should be characterized by quantum efficiency very close to one. Thus an ideal compact single-photon device is composed of a single quantum-dot active region coupled with a single resonant mode of a micro resonator in such a way that the QD is placed exactly in the antinode position of the resonant-mode standing wave. Until now, various cavity structures are considered. Not meaningless is also compactness of the whole device. The history of single-photon devices designed for quantum cryptography is still rather short. Secure communication channels are important in many applications, practically for all of us. It may be expected that many new more compact, high-performance, room-temperature, easy to use quantum cryptography single-photon devices will be invented and designed in the closest future. A market demand is very strong.
emerging field of quantum information technology is based on a new type of light sources, in which numbers of emitted photons can be carefully controlled. Especially advantageous are sources of single photons emitted at strictly predetermined moments,
so called single-photon devices. Then any possible eavesdropper activity will be followed by some unavoidable disturbance which alerts both communication parties to an event. In the present paper, the Purcell effect associated with enhancement of spontaneous emission coupled to a resonator is explained, methods used to produce streams of ant bunched photons are given, mechanisms applied to control carrier injection into quantum dots are shown and some possible designs of single-photon devices are presented and described. These devices are based on taking advantage of both the Purcell effect and the atom-like energy spectrum of quantum dots. At the cutting edge of technology, quantum cryptography guarantees absolute confidentiality for information exchanged via an optic fibre. The secret of this ability lies in the possibility of storing information in the elementary constituent of light: the photon. CONTENTS Page No. • INTRODUCTION 2 • QUANTUM CRYPTOGRAPHY 3 • STREAMS OF ANTIBUNCHED PHOTONS 4 • CONTROL OF THE CARRIER INJECTION 5 • DESIGNS OF SINGLE-PHOTON DEVICES 6 • AN INFALLIBLE PROTOCOL 7 • SECURITY BASED QUANTUM MECHANICS 8 • TECHNOLOGICAL DEVELOPMENTS 8 • CONCLUSION 9 1. INTRODUCTION: How can we communicate secret messages and be sure that they are not read by an undesirable third person? Cryptography is the discipline that tries to answer this question. In traditional cryptography, only the Vernam cipher permits the establishment of an unconditionally secure channel between a sender (Alice) and a receiver (Bob). This method requires Alice and Bob both to agree on a secret key, which is determined beforehand. Alice encodes the message using this key, and the encoded message cannot then be decoded, except by using the same key, i.e., by Bob. The rule for encoding is simple. Suppose that Alice wants to transmit one bit of information. For this she uses one bit of the key, performing an ”exclusive-or” operation with the bit to be transmitted. Bob, on his part, can redo the same operation, which cancels out the first ”exclusive-or”, to decode the transmitted bit. Unfortunately, the Vernam cipher suffers from a major inconvenience. For the method to remain unbreakable, the key must consist of as many secret bits as the message to be transmitted, since the key can only be used once. Using a key more than once causes the Vernam cipher to lose its property of being unbreakable and allows a fairly easy cryptanalysis after successive transmissions. Strictly speaking, the secret key must originally be exchanged from hand to hand by Alice and Bob. This means that if one wants to transmit a gigabit of secret information, Alice and Bob must meet to exchange, for example, a CD-ROM containing a billion random bits. This procedure is not practical because it imposes that Alice and Bob must meet, even if they then want to communicate at a distance of 10 000 km. Mathematicians have therefore developed other cryptographic methods, looking to rectify these difficulties. The first difference between the Vernam cipher and current methods of encoding consists in replacing the simple”exclusive-or” operation by a much more complicated operation between the key and the plaintext message. Using these methods, it is practically infeasible to recover the plaintext from the encoded message, or even to recover the key from the plaintext together with corresponding encoded message, even if the key is much smaller than the message to be sent. This is the case, for example, with the DES block cipher , or the more recent Belgian Rijndael algorithm, chosen to be the new AES standard . Thanks to these algorithms, Alice and Bob can now exchange a small key, which is useful for encoding big messages. The price to be paid for this advantage is that absolute security is lost, and an assumption must be adopted. In theory, it is now possible to recover the plaintext message from the encoded message, but doing this is sufficiently difficult that we can suppose that the enemy does not have the computational resources to do it. In practice, this assumption is realistic. A hacker will find it much easier; in general, to exploit the weaknesses of an information processing system itself than to perform the necessary calculations to break the algorithm, even if in possession of today’s most powerful computers. Nevertheless, nothing says that in the long term, developments in mathematics or information theory will not make feasible the extraction of the plaintext message from the encoded message. The second improvement of modern cryptography is the introduction of public key cryptography, allowing Alice and Bob to exchange secret messages without meeting beforehand to exchange a key. In public key cryptosystems, widely used these days, each correspondent possesses two keys. One key is public and known to all (for example, it may be published in a directory) and only permits the encoding of a message, not the decoding. The second key, on the other hand, is private, and only permits decoding. To send a message from Alice to Bob, the procedure is as follows. If she hasn’t already done this, Alice procures Bob’s public key (from a public database, or perhaps she simply asks Bob for it). Then, Alice uses Bob’s public key to encode her confidential message and sends the encoded information to Bob. Bob is the only person in possession of the corresponding private key, and thus the only person able to decode the message which Alice has just sent him. In this scheme, the essential idea is that encoding is public, in the sense that anyone can send an encrypted message to Bob, but that decoding requires knowledge of the private key. Again, the practical advantages of public key cryptography should be weighed against the loss of security that is introduced (compared with the Vernam cipher). A connection exists between the public key and the corresponding private key, and it is therefore possible in theory to recover the one from the other. Nevertheless, it is fortunately very difficult to carry out this operation within the limits of current mathematical knowledge and the power of contemporary computers. In order to demonstrate these ideas, let us take the example of the Rivest-Shamir-Adleman (RSA) algorithm, which can be used as the basis of a public key cryptosystem . In this system, the private key can be deduced from the public key if one is able to factorize numbers larger than a certain number of digits, which is currently very difficult. In fact, while it is easy to multiply two large prime numbers together, recovering them from the product is much more difficult. Unfortunately, advances in factorizations always raise the bar for cryptographers, who must use keys, and thus numbers to factorize, that are larger and larger. In addition, if a mathematician one day discovers an algorithm enabling the rapid factorization of large numbers, he will be able to decode all messages encoded with RSA without anyone knowing it, since he has access to all the public keys. This danger is all the greater since physicists have devised a new method of doing calculations, using a quantum computer. This new generation of computers, still at an essentially theoretical stage, has the property of being able to solve rapidly certain problems that are believed to be difficult with traditional information theoretic techniques. Thus Peter Shor has discovered a quantum algorithm (that is an algorithm that runs on a quantum computer) allowing the factorization of large numbers in a reasonable time. It seems, therefore, that many dangers are present for the long term security of current cryptographic techniques. Classical cryptography, while popular and currently offering a level of security that is largely sufficient, gives no long term guarantee of the messages it is used to protect. This is why we want to present here an alternative manner of securing the confidentiality of a message, without relying on technological assumptions, or complexity assumptions (i.e., assumptions about the speed with which a certain mathematical operation can be carried out using the computers of today). 2. QUANTUM CRYPTOGRAPHY: Are we then condemned to exchange, by hand and in advance, megabits of secret keys in order to guarantee absolute security? From the point of view of the most fundamental laws of physics known today, there is another possibility. Quantum physics, describing the individual dynamics of each elementary particle (photons, electrons,. . . ) that makes up our universe can offset this difficulty and allows the construction of communication protocols with no security weaknesses. This is the aim of quantum cryptography. Quantum cryptography was born around 20 years ago when two researchers, Charles Bennett and Gilles Brassard , had the idea of using quantum physics for transmitting confidential messages. The transmission is achieved using individual photons (”quanta” of light) sent from a sender (Alice) to a receiver (Bob) via an optic fiber. A theorem known as the ”no-cloning theorem ” prevents a third party (Eve) from being able to decode the information transmitted. Indeed it can be shown that if one does not have in advance a precise characterization of the quantum state describing the light, and in particular of the state of the photon, then it is impossible to reproduce the state, that is to make a clone. In fact, the simple act of observing a photon, in order to determine its state, disturbs it in such a way that afterwards, one cannot return it to its initial state, or produce a clone. The no-cloning theorem is bad news for anyone wanting to determine completely the quantum state of a photon. On the other hand, it can be seen as positive from the point of view of cryptography. Eve, who wants to read the secret information without being detected, needs to copy the quantum state of the photon. Since this is impossible, Fig. 1. A single photon impinging upon a filter that only allows vertically polarized light to pass. (a) Vertically polarized photons pass through the filter without being absorbed. (b) Horizontally polarized photons are all absorbed. (c) Diagonally polarized photons are absorbed or transmitted at random. An observer placed after the filter cannot, therefore, determine in a deterministic manner the state of the photon before the filter, in contrast with the vertical-horizontal case. She must at least determine the quantum state of the photon. But by attempting to do this, she introduces disturbances, and can therefore be detected by Alice and Bob. The essential goal, then, is for Alice and Bob to exchange a secret key with the assurance that any attempt at eavesdropping by a third party will be detected. If this secret key is correctly transmitted, then Alice and Bob can use it with the Vernam cipher method described above, thus obtaining a cryptosystem that is unconditionally secure even at a distance. Beginning with the idea of no-cloning, researchers have described a communication protocol that uses the polarization of photons to encode the bits that will be the secret key. Photons possess two states of polarization that can be distinguished using a polarizing filter (such as a calcite crystal, for example). Like this, vertically polarized light will pass through a filter oriented in the same sense, while horizontally polarized light will not pass, but will be absorbed by the filter. If now the light is diagonally polarized at 450, only half of the light intensity will pass. What happens if we only allow a single photon at a time, diagonally polarized, to impinge upon the filter? Clearly the photon cannot be divided into two, since it is the indivisible building block of light. Experiment shows that, as predicted by quantum theory, half of the time the photon will pass through the filter, and half of the time it will be absorbed. 3. STREAMS OF ANTIBUNCHED PHOTONS: Light generation in standard diode lasers and light-emitting diodes can be described with classical Maxwell’s equations. Then photons emitted by such classical light sources follow Poisson statistics, which means that their emission events are not correlated with one another. Secure quantum communication channels require, however, weak optical sources with strong quantum correlations between single photons, which may be realized with the aid of the fundamental principles of quantum mechanics. Then, a regulated photon stream pulses containing one and only one identical photon each in a given time interval is emitted. Such an anti bunched source of identical photons is useful in the new field of quantum cryptography, because, using it in the quantum communication channel, information exchanged by both authorized parties cannot be gathered unnoticeably by an eavesdropper. Stream of anti bunched photons was first observed from single atoms and ions in traps excited by a laser. The most promising realization of such a generation is, however, connected with an atom-like structure of quantum dots (QDs) and their strong confinement of electrons and holes. Most importantly, quantum dots can be conveniently integrated in high-Q micro cavities that improve the collection efficiency of the single photon train emitted by the dot. Moreover, QD may also emit two correlated (entangled) photons when two electron-hole pairs are injected into it and the bi-exciton state is created. For a large-scale implementation of secure telecommunication systems based on quantum cryptography, it is crucial to produce room-temperature operating electrically driven compact sources of single photons. It may be realized, for example, by an integration of a single QD in a light-emitting diode with a distributed-Bragg-reflector micro cavity, whose fundamental mode should be on resonance with the QD photons. Thus, QD light-emitting diodes may provide attractive sources of single photons for secure quantum communication channels. The most crucial problem is associated with an efficient injection of single carriers into a single quantum dot, which will be analyzed in Section 4. Possible photon anti bunching can be experimentally detected with the aid of measuring the joint probability of an arrival of one photon at the time t and another one at the time t + T It is described by the normalised second order intensity correlation function g(2)( ). Where I1 and I2 are the emission intensities detected by two single-photon counting detectors, so in this experimental setup the time interval between two successive photons is measured. For perfectly single-photon devices, g(2)( ). In fact, in real devices, measurements of g(2)( ) indicate a distinct dip at zero time delay, which means that after an emission of the first photon a single-photon device needs some time to be excited again which is necessary to emit a next photon. 4. CONTROL OF THE CARRIER INJECTION: In order to obtain emission of single photons, single electron- hole pairs should be carefully injected into their recombination regions. It is possible, for example, in a hetero structure proposed by Imamoðlu and Yamamoto. Its band model is shown in Fig. 1. Assuming the junction voltage Vj well below the built-in potential Vb Where kB is the Boltzmann constant and T stands for temperature, the carrier injection into the recombination quantum well (or quantum dot) takes place by successive resonant tunneling of electrons and holes into the QW (QD) which is followed by their radioactive recombination. The electron resonant tunneling is allowed [see Fig. 1(a)] when its quasi-Fermi energy Fe is higher than the first electron energy level Ee in the quantum well (QD) Fig. 1. Band structure of the first single-photon device proposed by Imamoðlu and Yamamoto. Notation used is explained in the text. Whereas analogous hole resonant tunneling may take place where its quasi-Fermi energy Fh is lower than the first hole energy level Eh [Fig. 1(b)] Where Ec and Ev stand for the conduction-band and the valence- band edges, respectively. In the analysis, electrostatic interactions connected with a presence of the electron We or the hole Wh are taken into account where Cn and Cp are the capacitances of the n-part and the p-part, respectively, of the QW (QD) surrounding. Successive electron and hole resonant tunneling events into the recombination QW (or QD) may be carefully controlled with the proper applied junction voltage Vj(t) = V0 + v(t), Where v(t) is in a form of square pulses: v(t) = 0 for the electron injection and v(t) = _V for the hole injection. V0 and _V should be properly chosen to enable fulfilling the conditions of Eqs. (4) and (5), respectively. Then, during the first part of the cycle, when v(t) = 0, the single electron resonant tunneling is enhanced. Next the hole injection takes place, when v(t) = _V. A possible second tunneling event of a carrier of the same kind is blocked by the Coulomb blockade. Therefore within one cycle, a single electron and a single hole are injected into the QW (QD) which is followed by their recombination. If this hetero structure is properly coupled with a resonator, then single photons generated in its QW (QD) are spontaneously emitted into a resonator mode. This idea has been used in a first experimental demonstration of a single photon turnstile device using a micro post QW hetero structure. Unfortunately, until now this approach has been limited to extremely low temperatures (< 0.1 K,) because of relatively small Coulomb splitting and broadening with temperature of energy distributions of electrons and holes in layers from which a careful carrier injection into the QW (QD) is supposed to take place. The above temperature limit may be considerably increased when, to control the carrier injection, the Pauli Exclusion Principle is used instead of the previous Coulomb blockade. In a QD device proposed by Benson et al., first two electrons are injected into QD, which is followed by an analogous injection of two holes. Because of the Pauli exclusion principle, next electron or hole tunneling events are suppressed since both electron and hole ground states are already filled with a pair of carriers of opposite spins. At first, they will occupy ordinary single-particle states, but because of strong electrostatic interactions between the carriers, they finally create a biexciton state. During one modulation cycle, a biexciton is created, so an entangled pair of photons may be emitted. To receive only one photon, two methods may be applied. One of them is associated with different circular polarizations of both photons. The second one is associated with an additional bi exciton binding energy. Hence, during a recombination of the first electron-hole pair, a photon of slightly lower energy is emitted than during the second ‘exciton’ recombination. So, both photons may be spectrally separated. It may be done with the aid of a precise adjustment of the ‘exciton’ photon to the energy of the resonant high-Q cavity mode. Then the spontaneous emission of these photons is enhanced thank to the Purcell effect whereas the ‘biexciton’ photons cannot be efficiently coupled to this mode. As a result, only the last photon, the ‘exciton’ photon of well defined frequency, is emitted by the device during each excitation cycle. Permissible operation temperature of the device taking advantage of the Pauli Exclusion Principle is much higher than that of the previous one because the small Coulomb splitting is now replaced by much larger splitting between ground and excited states of the carriers in both allowed bands. This difference depends on the QD size and, in devices with smaller QDs, their operation at temperatures up to 50 K is possible. Small enough QDs may even have only one electron and one-hole states. So, there is still a room for improvement. 5. POSSIBLE DESIGNS OF SINGLE-PHOTON DEVICES: A complete QD single-photon device is composed of the single QD active region properly coupled with a micro resonator. Strictly speaking, the QD should be placed exactly in the antinode position of the selected resonant-mode standing wave to optimize the coupling. Only such a QD, which is both well matched spectrally with the resonant cavity mode and located close to its antinode, experiences a strong enhancement of its spontaneous emission rate. There are various resonator structures used in QD single- photon devices. Its simplest version is probably the micro post (or micro pillar) cavity shown schematically in Fig. 2(a). The Purcell enhancement factor FP, Eq. (1), is inversely proportional to the mode volume, therefore diameters of resonator pillars are rather small (even < 0.5 µm) and additionally their tapering shape is sometimes produced by etching with a minimal cross-section close to the active region. The cross-sectional areas of the active region as low as only 0.04 µm2 were achieved. The spontaneous emission lifetime has been found to be decreased from 1.3 ns to 250–280 ps by coupling to a micro pillar cavity. For a typical 1-m micro pillar, quality factor Q as high as 2250 has been reported, which corresponds to the Purcell enhancement factor FP as large as 32. Robert et al. have proposed elliptical cross-section micro pillars to obtain single photons of exactly the same polarization. The above micro post cavity may be modified in a way shown in Fig. 2(b) to produce the micro disk cavity. It supports a series of whispering gallery modes. The modes are tightly confined by total internal reflections at the lateral edge of the disk, so resonators of very high quality factors Q are available. Routinely Q values as high as over 10 000 are obtained which corresponds to the Purcell factor of the order of 125. Therefore micro disks appear excellent candidates for possible single-photon devices which are expected to operate at temperature range easily extended to 77 K. Room-temperature operation is believed to be achieved by using QDs with higher confinement potential to avoid non-radiative recombination in barriers. Still another single-photon device has been proposed by Yuan et al. It is a p-i-n diode [Fig. 2(c)] with a layer containing QDs. To confine the emission area to just one QD, special opaque metal layer is formed on the device surface with a small aperture just over the chosen QD. Fig. 2. Schematic structures of QD single-photon devices: (a) with a micro post (micro pillar) cavity, (b) with a micro disk cavity, (c) with a DBR cavity of a p-i-n diode, (d) with a micro sphere cavity. All the above QD designs of single-photon sources are compact semiconductor devices. But emission of single photons may be also achieved in more complex structures, e.g., in a sample containing an isolated QD coupled with a glass micro sphere cavity [Fig. 2(d)]. Such a sphere may be produced by melting the tip of an optical fiber with a CO2 laser. Its quality factor Q may be extremely high (even as high as 3×109,). Extremely-low threshold semiconductor laser based on this structure was proposed by Pelton and Yamamoto. 6. AN INFALLIBLE PROTOCOL: If Alice limits herself to encoding secret bits in the two polarization states, vertical and horizontal, then Bob is able to read these bits by distinguishing the polarization of each photon using a filter. But then Eve is able to intercept the communication without being detected. It suffices for her to read the bits in the same manner as Bob, and then to encode once more the bits in the same manner as Alice, in the polarization states of photons which she sends on to Bob. However, suppose that Alice uses a strategy in which she encodes bits half of the time in photons that are polarized either horizontally or vertically, and half of the time in photons polarized diagonally at 450 and 1350. In this case, Eve would need to distinguish between four distinct polarization states. But a polarizing filter can only distinguish between states of polarization along two orthogonal axes, and according to the principles of quantum mechanics, no device can exist that could distinguish one out of the four polarization states. This impossibility is an illustration of the famous no cloning theorem. If such a polarizer existed, we could characterize the polarization state of the photon in a non-ambiguous manner and create as many clones as necessary in the same state. Like this, Eve could keep a copy for herself and send another to Bob, all without being detected. Given the no-cloning theorem, however, the best she can do is to orient her polarizer at random in the vertical or diagonal sense, which will inevitably introduce errors and disturb the communication. What is true for Eve is also inevitably true for Bob, who must also choose the axis in which to measure the polarization. In order to exchange secret bits in this scenario, Bob must therefore communicate publicly to Alice the axis of polarization in which he performed his measurement. Then, Alice compares the axis in which she sent each bit with the axis chosen by Bob. If they correspond, Alice lets Bob know publicly, and a secret bit has thus been established; if not the bit must simply be rejected, as there is no correspondence. Any intervention by Eve will always end up introducing errors in the bits shared by Alice and Bob. Suppose, for example, that Eve measures a photon in the diagonal basis, while Alice had sent the photon with vertical polarization. Eve sends a photon on to Bob with the polarization that she measured. If Bob measures horizontal polarization, then although Alice’s and Bob’s measurement axes correspond, they will obtain different values for the secret bit. To detect the presence of Eve, it suffices therefore to sacrifice a small number of the large number of bits exchanged. This small fraction of the total number of bits is exchanged publicly between Alice and Bob in order to verify the rate of error of the communication. If this rate, which will also inevitably include errors due to technical imperfections, is abnormally high then this indicates that the communication has been intercepted. 7. GOODNESS OF SECURITY BASED QUANTUM MECHANICS: In this protocol, the security is based, amongst other things, on the non-existence of a polarizing filter that allows four polarization states to be distinguished. How can we believe this? Should we trust physicists? Quantum theory allows us to understand, in the most precise manner to date, all known physical phenomena. It describes equally well microscopic phenomena, from elementary particles to atoms, and macroscopic phenomena, which follow from the collective dynamics of these same particles and atoms. And if this theory’s century of existence, during which it has never been at fault, is not sufficient to convince the reader, can we not imagine that a ghostly, perhaps invisible, man can look inside the computers of others? Quantum theory does not predict these eventualities, nor can other malevolent demons exist. In other words to believe in the reality of the world that surrounds us is also to believe in the predictions of quantum physics. 8. CURRENT TECHNOLOGICAL DEVELOPMENTS: Based on the same fundamental principle, numerous laboratories have been able to realize experimentally quantum cryptographic protocols. An optic cable from an ordinary telephone network has been used to transport confidential quantum information over 20 km, under Lake L´eman. Without going into details, the system uses optical interferometer rather than the polarization of light for transmitting information. However, the apparatus, while perfectly operational, still presents some problems. The first problem is that, due to signal losses in the optic fibre, the transmission can only take place over a relatively short distance, limiting the possible applications to communications within, say, a large town. This problem is the object of a theoretical investigation, and while some progress has been made by researchers, it has not been entirely resolved. The second problem is that experimental production of single photon pulses, as well as their detection, is still imperfect. Perfect control over the dynamics of a photon, from its creation until its detection, would allow a higher rate of transmission of secret bits. Obviously, research and development in these areas are proceeding constantly and the results will be commercially viable in a relatively short time. Many other improvements to quantum cryptography are currently being studied, both at the Universit´e Libre de Bruxelles, in the Service Th´eorie de l’Information et des Communications, and elsewhere. Several ongoing research projects, in collaboration with the Service Optique et Acoustique and the Service Physique Th´eorique, aim to improve the rate at which secret bits are exchanged, or the range of cryptographic apparatus by using alphabets larger than the binary one. Other theoretical projects, involving collaboration with other European universities, concentrate on the possibility of using beams of light that are more intense (i.e., have more photons), but which keep the quantum characteristics allowing quantum cryptography, in order to bypass the problems associated with single photon techniques. These possibilities involve so called”coherent” and”squeezed” states of light. 9. QUANTUM CRYPTOGRAPHY: AN INTERDISCIPLINARY SUBJECT As one can see, quantum cryptography gathers together a multitude of disciplines. One finds very abstract questions of mathematics and of fundamental physics that bear on quantum mechanics, questions of how to improve the performance of the necessary optical instruments (lasers, detectors, and optical fibres), and questions of how to adapt the results to industrial ends, not to mention the ethical questions posed by the issue of confidentiality in today’s world. In short, it is a contemporary field that covers a very large range of disciplines, from fundamental physics to industrial applications. The results of this research should improve the security of our confidential transmissions, all the more important in the light of online commerce and financial transactions. 10. CONCLUSION: An optical device emitting a train of pulses that contain one and only one photon (i.e. a single-photon device) is an essential element of secure key distribution in quantum cryptography. Then an eavesdropper cannot capture information about the secret key without being noticed because such an event unavoidably modifies the state of a single quantum system. In this way, the quantum cryptography exploits the fundamental principles of quantum mechanics to provide unconditional security for communication. According to Gerard and Gayral, three conditions should be fulfilled in order to get an efficient single-photon device. First of all, the carrier transport and recombination phenomena should ensure generation of single photons. They should be on resonance (high _, close to one) with a single high-Q mode of a coupled cavity. Besides, to avoid non radiative emission, the photon emission should be characterized by quantum efficiency very close to one. Thus an ideal compact single-photon device is composed of a single quantum-dot active region coupled with a single resonant mode of a micro resonator in such a way that the QD is placed exactly in the antinode position of the resonant-mode standing wave. Until now, various cavity structures are considered. Not meaningless is also compactness of the whole device. The history of single-photon devices designed for quantum cryptography is still rather short. Secure communication channels are important in many applications, practically for all of us. It may be expected that many new more compact, high-performance, room-temperature, easy to use quantum cryptography single-photon devices will be invented and designed in the closest future. A market demand is very strong.
No comments:
Post a Comment