The advantage of quantum cryptography lies in the fact that it allows the completion of various cryptographic tasks that are proven or conjectured to be impossible using only classical (i.e. non-quantum) communication.
If one attempts to read the encoded data, the quantum state will be changed due to wave function collapse (no-cloning theorem).
His seminal paper titled "Conjugate Coding" was rejected by the IEEE Information Theory Society but was eventually published in 1983 in SIGACT News.[3]
In this paper he showed how to store or transmit two messages by encoding them in two "conjugate observables", such as linear and circular polarization of photons,[4] so that either, but not both, properties may be received and decoded.
It was not until Charles H. Bennett, of IBM's Thomas J. Watson Research Center, and Gilles Brassard met in 1979 at the 20th IEEE Symposium on the Foundations of Computer Science, held in Puerto Rico, that they discovered how to incorporate Wiesner's findings.
[3] In 1984, building upon this work, Bennett and Brassard proposed a method for secure communication, which is now called BB84, the first quantum key distribution system.
Companies that manufacture quantum cryptography systems include MagiQ Technologies, Inc. (Boston), ID Quantique (Geneva), QuintessenceLabs (Canberra, Australia), Toshiba (Tokyo), QNu Labs (India) and SeQureNet (Paris).
Sub-par quantum repeaters can provide an efficient amount of security through the noisy channel over a long distance.
The best-known and developed application of quantum cryptography is QKD, which is the process of using quantum communication to establish a shared key between two parties (Alice and Bob, for example) without a third party (Eve) learning anything about that key, even if Eve can eavesdrop on all communication between Alice and Bob.
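The disturbance that measurement causes is what lets Alice and Bob detect Eve. The following is an added example, not code from the original page: an idealized BB84-style simulation (no loss, no channel noise) in which the two conjugate bases are modeled as 0 and 1. The function names and the 11% abort threshold are assumptions chosen for illustration.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    # Same basis: the encoded bit is read back exactly.
    # Conjugate basis: the outcome is uniformly random and the original
    # value is lost, which is the disturbance the protocol relies on.
    return bit if prep_basis == meas_basis else rng.randrange(2)

def bb84_qber(n_qubits, eavesdrop, seed=1):
    """Return (error rate on the sifted key, sifted key length)."""
    rng = random.Random(seed)          # seeded so runs are repeatable
    errors = sifted = 0
    for _ in range(n_qubits):
        a_bit, a_basis = rng.randrange(2), rng.randrange(2)
        bit, basis = a_bit, a_basis    # state travelling on the channel
        if eavesdrop:
            # Intercept-resend: Eve must pick a basis without knowing
            # Alice's, and what she forwards is prepared in her basis.
            e_basis = rng.randrange(2)
            bit = measure(bit, basis, e_basis, rng)
            basis = e_basis
        b_basis = rng.randrange(2)
        b_bit = measure(bit, basis, b_basis, rng)
        if a_basis == b_basis:         # sifting: keep matching bases only
            sifted += 1
            errors += (a_bit != b_bit)
    qber = errors / sifted if sifted else 0.0
    return qber, sifted

def channel_ok(qber, threshold=0.11):
    # Assumed abort threshold: above it, Alice and Bob discard the key.
    return qber <= threshold

if __name__ == "__main__":
    for eve in (False, True):
        qber, kept = bb84_qber(4000, eve)
        print(f"eavesdropper={eve} sifted={kept} qber={qber:.3f} "
              f"accept={channel_ok(qber)}")
```

In this model an undisturbed channel gives an error rate of zero on the sifted key, while intercept-resend on every qubit pushes it to about 25%, which Alice and Bob see by comparing a sample of their sifted bits.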
The rate of the twin field protocol was shown to overcome the secret key-agreement capacity of the lossy communication channel, known as repeater-less PLOB bound,[15] at 340 km of optical fiber; its ideal rate surpasses this bound already at 200 km and follows the rate-loss scaling of the higher repeater-assisted secret key-agreement capacity[17] (see figure 1 of [16] and figure 11 of [2] for more details).
The protocol suggests that optimal key rates are achievable on "550 kilometers of standard optical fibre", which is already commonly used in communications today.
The theoretical result was confirmed in the first experimental demonstration of QKD beyond the PLOB bound which has been characterized as the first effective quantum repeater.[18]
Notable developments in terms of achieving high rates at long distances are the sending-not-sending (SNS) version of the TF-QKD protocol.
For example, unconditionally secure quantum bit commitment was shown impossible by Mayers[22] and by Lo and Chau.
The protocol discourages some forms of cheating; for example, Alice could cheat at step 4 by claiming that Bob incorrectly guessed her initial basis when he guessed correctly, but Alice would then need to generate a new string of qubits that perfectly correlates with what Bob measured in the opposite table.
To successfully execute this, Alice would need to be able to store all the photons for a significant amount of time as well as measure them with near perfect efficiency.
Such commitment schemes are commonly used in cryptographic protocols (e.g. quantum coin flipping, zero-knowledge proof, secure two-party computation, and oblivious transfer).
[35] Note: The results by Crépeau and Kilian[34][35] together do not directly imply that given a commitment and a quantum channel one can perform secure multi-party computation.
A breakthrough in November 2013 offers "unconditional" security of information by harnessing quantum theory and relativity, which has been successfully demonstrated on a global scale for the first time.
Since even a dishonest party cannot store all that information (the quantum memory of the adversary is limited to Q qubits), a large part of the data will have to be either measured or discarded.
By introducing an artificial pause in the protocol, the amount of time over which the adversary needs to store quantum data can be made arbitrarily large.
(Note that with today's technology such as hard disks, an adversary can cheaply store large amounts of classical data.)
[47][48] After several other quantum protocols for position verification were suggested in 2010,[49][50] Buhrman et al. claimed a general impossibility result:[51] using an enormous amount of quantum entanglement (they use a doubly exponential number of EPR pairs, in the number of qubits the honest player operates on), colluding adversaries are always able to make it look to the verifiers as if they were at the claimed position.
Later Beigi and König improved the number of EPR pairs needed in the general attack against position-verification protocols to exponential.[52]
It is argued in [53] that due to time-energy coupling the possibility of formal unconditional location verification via quantum effects remains an open problem.
Since then, several problems have been shown to admit unconditionally secure and device-independent protocols, even when the actual devices performing the Bell test are substantially "noisy", i.e., far from being ideal.
Then, the legitimate parties can perform conventional optical communications based on the shared key by transforming it appropriately.
The goal is to achieve longer covert communication than the information-theoretic security limit (one-time pad) set by Shannon.
[91] The source of the noise in the above wire-tap channel is the uncertainty principle of the electromagnetic field itself, which is a theoretical consequence of the theory of the laser described by Roy J. Glauber and E. C. George Sudarshan (coherent state).
[116] An eavesdropper, Eve, can take advantage of this detector inefficiency by measuring Alice's qubit and sending a "fake state" to Bob.