1. Introduction

Quantum cryptography, specifically QKD, has been built based on physical concepts associated with quantum mechanics. In contrast to conventional cryptography, whose security is based on the complex computational and mathematical algorithms for security, it is founded on the uncertainty relations, Bell's inequalities, entanglement or non-locality [1]. The implementation of QKD consists of detectors, repeaters, quantum memories and decoy states [2–4]. These concepts form the basis of security proofs [5]. In order for Eve to obtain the secret key,

© 2016 The Author(s). Licensee InTech. This chapter is distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/3.0), which permits unrestricted use, distribution, and eproduction in any medium, provided the original work is properly cited. © 2018 The Author(s). Licensee IntechOpen. This chapter is distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/3.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

she needs to break the laws of physics, but this is impossible without her presence being detected. Since there is great need for security in a communication system, it is necessary to investigate security proofs for QKD systems.

state is an eigenstate to the observable being measured [20]. This means that Eve is unable to perform a measurement on an unknown quantum state without introducing a disturbance that

Security of Quantum Key Distribution Protocols http://dx.doi.org/10.5772/intechopen.74234 5

The uncertainty principle states that a measurement of one quantum observable intrinsically creates an uncertainty in other properties of the system. This means that it is impossible to measure the simultaneous values of non-commuting observables on a single copy of a quantum state [21]. This ensures that an eavesdropper cannot perform measurements that leave the quantum state undisturbed [22]. This automatic detection of an eavesdropper is impossible

In quantum mechanics, it is impossible to make a perfect copy of an unknown state with perfect fidelity. This is called the no-cloning theorem [23]. This prevents an eavesdropper from simply intercepting the communication channel and making copies (so as to make measurements on them later) of the transmitted quantum states, while passing on an undisturbed quantum state to Bob [24, 25]. Therefore, the no-cloning theorem forms an important property

Suppose, we have quantum states |ψi⟩ which are not orthogonal, then it can be proved that there exists no quantum measurement that is able to distinguish states [19]. In this case, a nonzero component of the state |ψ1⟩ parallel to the state |ψ2⟩ always gives a non-zero probability of the measurement outcome associated with the state |ψ2⟩ also occurring when the measurement is applied to the state |ψ1⟩. This is because |ψ2⟩ can be decomposed into a non-zero component parallel to |ψ1⟩ and a component orthogonal to |ψ1⟩. Then, there is no measurement of any kind that can reliably determine which of the two non-orthogonal quantum states were mea-

sured [27]. This feature is very useful for cryptographic applications such as QKD [20].

[31, 32]. In the following sections, we briefly describe the processes for each scheme.

There are two major types of QKD schemes, namely prepare and measure (P&M) and entanglement-based (EB) schemes [2, 4]. A P&M scheme is based on individual qubits, while an EB scheme is based on entangled qubits. Either of these schemes can be used by two parties in order to end up with a shared secret key. However, a P&M scheme can immediately be translated into an EB scheme [4, 28]. However, there exists another family of protocols called continuous-variable protocols and distributed-phase-reference (DPR) protocols [4], which consist of the coherent-one-way protocol [29, 30] and the distributed-phase-reference protocols

can be discovered by Alice and Bob.

2.2. Uncertainty principle

with classical cryptography.

in the security of QKD protocols [26].

2.4. Non-orthogonality principle

3. QKD schemes

2.3. No-cloning theorem

Regardless of the challenges that come with developing unconditional security proofs, a lot of progress has been realised in the last two decades. An unconditional security proof considers all kinds of attacks that Eve can perform and incorporating this into the security proof is a difficult task. However, a new technique for analysing collective attacks due to an eavesdropper was developed in 1995 by Yao [6]. Later, Bennett et al. realised that if the legitimate parties possess a reliable quantum computer, they can implement an entanglement distillation (ED) protocol to obtain a secure version of an EB key distribution [7]. In 1998, based on this idea, Lo and Chau then developed a formal security proof for the protocol [8]. By using the ideas of Mayers, Lo and Chau then Shor and Preskill developed a simple proof of security for the BB84 protocol in 2000 [9]. This was followed by a proof of Biham who was the second to show an unconditional security proof [10]. In 1991, Biham's proof was then used by Gottesman and Preskill to prove the unconditional security proof of a continuous variable protocol where Alice's signals are sufficiently squeezed [11]. In the same spirit, Inamori et al. showed the unconditional security proof of BB84 protocol where Alice's source emits weak coherent states and Bob's detector remains uncharacterised [12]. However, a complete security proof that is secure against arbitrary attacks by the eavesdropper and full realistic implementation of the QKD protocol remains missing. But this progress depicts that major achievements have been made in this field to prove that protocols used in quantum communication are secure for sending messages. Amongst different approaches to security proofs, a number of publications on composable security [13], de Finetti's theorem [5, 14], post-selection technique [15] and recently the finite-length key analysis [16] are now available.

Regardless of enormous progress that has been made in QKD, there are still some theoretical and experimental problems of communicating in absolute secrecy in the presence of an eavesdropper. In particular, matching the theoretical security proofs to real devices still remains unknown. The security proofs still contain assumptions concerning the behaviour of devices used by the communicating parties [17]. As a result of this mismatch, an eavesdropper can learn part of the key shared by Alice and Bob, thus rendering some schemes insecure over large distances. Moreover, the existing security proofs have been derived in the asymptotic limit which is not very realistic. In fact, the bits which are processed in QKD are necessarily of finite length. Therefore, thanks to Valerio and Renner for introducing the general framework for the security analysis of QKD with finite resources [16]. The security study is mainly based on the framework introduced by Devetak-Winter, Csiszar-Körner and Renner security [5, 18]. For a detailed overview of QKD, we refer the reader to [2, 4].
