Extensible router for a quantum key distribution network

Extensible router for a quantum key distribution network

Physics Letters A 372 (2008) 3957–3962 www.elsevier.com/locate/pla Extensible router for a quantum key distribution network Tao Zhang, Xiao-Fan Mo, Z...

467KB Sizes 2 Downloads 85 Views

Physics Letters A 372 (2008) 3957–3962 www.elsevier.com/locate/pla

Extensible router for a quantum key distribution network Tao Zhang, Xiao-Fan Mo, Zheng-Fu Han ∗ , Guang-Can Guo Key Laboratory of Quantum Information, University of Science and Technology of China (CAS), Hefei, Anhui 230026, People’s Republic of China Received 19 October 2007; received in revised form 16 January 2008; accepted 19 March 2008 Available online 22 March 2008 Communicated by P.R. Holland

Abstract Building a quantum key distribution network is crucial for practical quantum cryptography. We present a scheme to build a star topology quantum key distribution network based on wavelength division multiplexing which, with current technology, can connect at least a hundred users. With the scheme, a 4-user demonstration network was built up and key exchanges were performed. © 2008 Elsevier B.V. All rights reserved. PACS: 03.67.Dd Keywords: Quantum key distribution network; Wavelength division multiplexing

1. Introduction Quantum key distribution (QKD) is a technique whereby a secure key for cryptographic encoding can be exchanged over an insecure communication channel. Since 1984 Bennett and Brassard proposed the first QKD protocol [1], many experimental systems have been developed in the laboratory [2–6], and commercial point-to-point QKD systems are even available on the market. However, a point-to-point system is not enough to satisfy network communication requirements, so the building of a QKD network is not only necessary but also crucial to practical quantum cryptography. So far several QKD network schemes have been presented. In the 1990s, Townsend proposed a looped and a branched network [7], and demonstrated QKD between one controller and several terminals in a branched network, in which the kernel part is a beam splitter [8]. In this year they have improved this branched architecture to make it available for more users and run faster [9]. However, these two types of network are easy to set up but difficult to use. In a branched network, because of the randomness of the beam splitters, photons will be delivered * Corresponding author. Tel.: +86 551 3607342; fax: +86 551 3606828.

E-mail address: [email protected] (Z.-F. Han). 0375-9601/$ – see front matter © 2008 Elsevier B.V. All rights reserved. doi:10.1016/j.physleta.2008.03.023

randomly to a user even if he/she does not wish to communicate at that time. This will decrease the efficiency of key generation. Another disadvantage of a branched network is its “non-direct” nature. Because photons are only transferred from controller to terminals, two terminals cannot communicate directly. If they want to make secure communication, first, one has to exchange information securely with the controller and then the controller sends words to the other one with secure channel between them. This will reduce the security of the system. Moreover, the insertion loss of both types of network depends on the number of users. The more users a network has, the higher its insertion loss and the shorter its transmission length. In 2003, BBN Technologies built a quantum network for the Defense Advanced Research Projects Agency [10,11], in which optical switches are used to route photons and a “trusted relay” protocol is used to extend communication distance. When the distance between Alice and Bob exceeds the maximum transmission length of a point-to-point QKD system, they respectively establish keys with a third user in the middle, who uses the key between himself and Bob to encrypt a key between himself and Alice, which is then forwarded to Bob. This trusted relay process increases the transmission distance but reduces the security of communication. Except for beam splitter and optical switch, wavelength division multiplexing (WDM) is another important technique in

3958

T. Zhang et al. / Physics Letters A 372 (2008) 3957–3962

building QKD network. This has been demonstrated in several experiments [12,13]. It overcomes the randomness of beam splitter, but still has some shortcoming. Users in the network can have only one link each time. That will reduce the efficiency of the system. 2. Network topology Here, we present a QKD network also based on WDM but in which all users can exchange keys directly and simultaneously, and the insertion loss of the network is independent of the number of users. First, we will describe the architecture of the network and discuss its characteristics. Then the operation mode of the network will be introduced. At last we will show experimental result of a 4-user demonstration network. The center of the network is a “quantum router” (QR). For an N -user network, the QR has N ports and each user connects to one port via a fiber or free-space link. A user transfers photons of different wavelengths to the QR and these photons are delivered to certain users according to their wavelengths. For any two users who want to communicate with each other, a unique wavelength is assigned to them and this is regarded as an address code for the destination of the photons. In fact, this scheme only provides many optical links between transmitters and receivers with low cost, so any point-to-point QKD system can be used in this network. The only change for point-to-point system is that two multiplexers are added in the communication link, so the security of the network is as same as before. As an example we use a 4-user network to describe the details of the scheme. As shown in Fig. 1, four users connect to the QR which is comprised of four wavelength division multiplexers (MUXs). When Alice communicates with Bob, she sends him photons of wavelength 2 which, on arriving at QR, will be separated by MUX A, transmitted to MUX B and then sent to Bob. Applying any point-to-point QKD protocol, Alice and Bob can perform QKD in the network using photons of wavelength 2. Similarly, Alice and Cathy as well as Alice and Daniel use photons of wavelengths 3 and 1, respectively, to communicate. Because in practical QKD system, except for quantum signal, there is also synchronization signal needs to be transmitted along the same path for quantum signal, we can use an identical QR to route synchronization signal. This network can be extended to N users by using an N port QR which is comprised of N MUXs. Fig. 2 shows the topography of 5-port and 6-port QRs. In the QR, all MUXs connect with each other by fibers, and all the fibers connected to any given MUX transmit photons of different wavelengths. Any two MUXs have one and only one link of the same wavelength. This connection scheme concurs with the edge coloring theorem in graph theory. Each MUX corresponds to a vertex of the graph, each link to an edge, and each wavelength to a color. The edge coloring theorem says: for a complete graph with N vertexes, when N is even, it needs N − 1 colors to color each edge so that adjacent edges (edges which have the same vertex) have different colors; when N is odd, the number of colors is N . This means, for an N -port QR, each MUX needs N − 1 (when N is even) or N (when N is odd) de-

(a)

(b)

(c)

Fig. 1. Four-user QKD star-network with quantum router. (a) Configuration of network; (b) Topography of quantum router; (c) Connection of MUXs.

multiplexing ports which transmit photons of different wavelengths. Here we give a simple way to find the connection of MUXs in an N -port QR. In Fig. 3, capital letters represent MUXs and Arabic numerals represent the wavelengths connecting the MUXs. For example, the number 2 in row A and column B means that the fiber link between MUX A and MUX B transmits photons of wavelength 2. The other numbers in the table depend on the parity of N . When N is odd, e.g. N = 5 such as in Fig. 3(a), all squares along the same diagonal line have the same number as shown in the figure, beginning from 1 in the top left-hand corner and increasing by 1 for each adjacent step to the next diagonal line; after N is reached we go back to 1 and fill in the remaining squares in the same manner. When N is even, e.g. N = 6 such as in Fig. 3(b), the above method is used to fill in an (N − 1) × (N − 1) table first, and then the numbers along the main A–A, B–B diagonal are copied to last row from left to right and to the last column from top to bottom. The performance of the QR will of course depend on that of the MUXs. In the first place, the maximum number of users depends on the number of channels in the MUX. Currently, commercial dense WDM products have several to dozens of channels, while a total of 4200 channels has been achieved in

T. Zhang et al. / Physics Letters A 372 (2008) 3957–3962

3959

Secondly, the QR insertion loss will reduce the QKD distance. Since photons have to pass through two MUXs when they cross the QR, the insertion loss will be double that of a MUX. For a commercial MUX with 40 channels the insertion loss is about 5 dB, so it is about 10 dB for the QR which is equivalent to that of 50 km of standard telecom fiber. That means transmission distance of QKD in the network is about 50 km less than point-to-point QKD. Because current point-topoint QKD systems can operate over more than 100 km, we can build a QKD network with 40 users to cover a region of at least 50 km diameter. With the new developments in WDM technology the insertion loss may be reduced to less than 1 dB in the future [15], so the quantum network should be able to cover a region of more than 100 km in diameter. The third problem is MUX crosstalk. That is, the optical signal which should exit from port i actually exits from port j , causing bit errors in the quantum network. For example, as shown in Fig. 1, when Alice sends photons of wavelength 3 to Cathy and Bob is also sending photons of wavelength 3 to Daniel at the same time, some of Bob’s photons may pass through the fiber link between MUX B and MUX C to arrive at Cathy. For Cathy, these photons will produce error bits. Below we give an estimate of the quantum bit error rate (QBER) resulting from crosstalk. The insertion loss (IL) and crosstalk (FC) of a MUX are defined as [16] IL = 10 × log(Pin /Pout ),   FCj (λi ) = 10 × log Pj (λi )/Pi (λi ) Fig. 2. Topography of N -port quantum router.

(1) (2)

where Pin and Pout represent the input and output powers of the optical signals, respectively, Pj (λi ) is the power of the optical signal of wavelength λi which exits from port j , and Pi (λi ) is that for wavelength λi from port i. For single photons, optical power means the number of photons per second, and crosstalk means the ratio between numbers of photons exit from wrong port and right port in one second. We see that Pi (λi ) in Eq. (2) equals Pout in Eq. (1), thus we find the ratio R1 between the output and input signals as well as the ratio R2 between the crosstalk and input signals to be Pout = 10−IL/10 , Pin Pj (λi ) Pj (λi ) Pout R2 = = × = 10[FCj (λi )−IL]/10 . Pin Pout Pin

R1 =

(3) (4)

Since each photon will pass through two MUXs when it crosses the QR, the ratio of the power of the crosstalk signal to that of the effective signal at the output port is: R22 × Pinput R12

Fig. 3. Connection of N MUXs.

the laboratory [14]. This means that it should be possible to build a QR with 4200 ports in the future.

 × Pinput

= 102×FCj (λi )/10 ×

Pinput .  Pinput

(5)

 Here Pinput and Pinput represent the power of the input signals which produce the crosstalk signal and effective signal, respectively. Generally they have the same value, but some so that crosstalk increases times Pinput is much larger than Pinput greatly. Assuming that the signal which produces the effective signal enters through a fiber with X dB insertion loss before it

3960

T. Zhang et al. / Physics Letters A 372 (2008) 3957–3962

Fig. 4. Schematic diagram of 4-user wavelength addressing network: LAN, local network; other abbreviations are defined in text.

passes through QR, while the signal producing crosstalk does  not, then Pinput /Pinput = 10X/10 , and the ratio in Eq. (5) will become 10[X+2×FCj (λi )]/10 . If there are many inputs that pro [X+2×FCj (λi )]/10 , duce crosstalk, the ratio becomes N−1 j =1,j =i 10 where N is the number of channels. For commercial MUX products we may take N = 40, FCj (λi ) < −25 dB (when j = i ± 1), FCj (λi ) < −30 dB (when j = i ± 1), and X < 10 for a QKD network covering a region of 50 km diameter, so this ratio has a value of less than 0.056%. As a matter of fact, because there are only N/2 channels transmit photons of same wavelength, the ratio should also be half. This implies that, for a network with 40 users, the errors due to crosstalk are negligible compared with other effects. Along with the development of WDM technology, crosstalk can be expected to become much smaller, resulting in improved QR performance. In the above 4-user network, if all users want to communicate with each other at the same time, there must be six laser diodes and six single photon detectors in the network. Because there are six channels, and every communicating pair must have a source/detector. Such a configuration is flexible to use but expensive to build. Here, we introduce a configuration called server–client mode, in which a better balance between cost and functionality is achieved. We assume that Alice has three fixed-wavelength laser diode and each of other three users has a single photon detector. Moreover, all users is equipped with other necessary instruments for QKD. When Bob and Cathy are desired to exchange keys, they first send requests to Alice. After receiving requests, Alice starts to simultaneously transfer photons of λ2 and λ3 and modulates them with different phases. With standard procedure of QKD, two groups of keys are established between Alice–Bob and Alice–Cathy. Because three users use unrelated random data to modulate photons, two groups of keys are different. For example, keys of Alice–Bob are {0, 1, 0, 0} and keys of Alice–Cathy are {0, 0, 0, 1}. The 2nd and 4th bits of the keys are not identical. Alice uses keys of Alice–Bob as a reference to check which keys of Alice–Cathy are different. Alice notifies Cathy of the check result by a public channel and Cathy inverses corresponding bits. In above example, Alice notifies Cathy that 2nd and 4th

bits are different and Cathy flips 2nd bit from 0 to 1 and 4th bit from 1 to 0. After that, identical secret keys are shared among Bob and Cathy. We call this operation as “key reverse operation”. We call the above configuration as “server–client mode”, where Alice plays the role of a server and other users play the role of clients. Clients send requests to a server and the server responds to requests. Server is central to the configuration and the network will not function without it. For an N -user network including one server, only N − 1 fixed-wavelength laser diodes and N − 1 single photon detectors are required. To increase robustness and redundancy of a network, more users can be configured as servers. Another benefit of server–client mode is that any number of users can simultaneously establish identical keys. Key exchange can be performed between two users (unicast), several users (multicast) or all users (broadcast). For applications such as military communications, multicast and broadcast are very useful. The disadvantage of this mode is, it has security leak. That is, the server knows all the keys in the network. This leak also exists in the network schemes proposed by Townsend [7] and Elliott [10]. In all these schemes, servers may use different methods to let two users share identical keys, but their impact on security are the same. This leak is the cost we must pay for reducing expense, and there seems no method to solve it. What we can do is, keep the server safe and trust it. 3. Experimental setup With the client–server scheme described above, a 4-user demonstration network was built up. Fig. 4 shows the diagram of the experimental setup. Two quantum routers QR1 and QR2 are used in our experiment, one for quantum signal and the other for synchronization signal, and their structure is as shown in Fig. 1. Each of routers consists of four 3-channel commercial MUXs, where λ1 is 1510 nm, λ2 is 1530 nm and λ3 is 1550 nm. Insertion loss of different ports are listed in Table 1. Crosstalk between different wavelength channels are about 28 to 43 dB. In our experiment, crosstalk is not essential because laser diodes are not driven simultaneously and photons of different wave-

T. Zhang et al. / Physics Letters A 372 (2008) 3957–3962

3961

Table 1 Insertion loss of 4-port router in the unit of dB Port A Port A Port B Port C Port D

2.17 2.61 1.96

Port B

Port C

Port D

1.70

2.47 1.64

2.48 2.74 2.25

2.16 2.66

1.99

lengths do not arrive at the router at same time. User Alice is configured as a server and Bob, Cathy and Daniel are configured as clients. In Alice’s side, three transmitters are linked together by a MUX. Each transmitter consists of a laser diode LD, a Faraday–Michelson interferometer FMI [6], a fixed optical attenuator mATT and a homemade circuit board TRAN. Each client is composed of a receiver, which includes a FMI, a single photon detector SPD and a homemade circuit board RECV. The measured dark count rates of SPDs we used are respectively 41.7, 18.00, and 15.40 Hz when the operation frequency is 1 MHz and the detection gate width is 2.5 ns. The quantum efficiency of SPDs is 10% at a wavelength of 1550 nm. With the setup, key broadcast is performed using BB84 protocol. Alice sends clock signals to three homemade circuits boards. On-board delay generators delay clock singles and output delayed signals to trigger three laser diodes respectively. At the output of each laser diode, a 10 : 90 beam splitter BS is placed and divides every laser pulse into two parts. The weak one is transferred through a interferometer and modulated with different phases. mAtt attenuate the pulse to pseudo single-photon level. The weak pulses from three laser diodes are multiplexed to a fiber with a WDM and transmitted to the quantum router QR1. The stronger pulse serves as a synchronous pulse. Three different wavelength synchronous pulses are multiplexed by a MUX and transferred to the quantum router QR2. This quantum router is identical with the one used for singlephoton pulses, so a synchronous pulse and single photon pulse of the same wavelength will transfer to the same client. To avoid crosstalk, delay times are set different to make laser pulses of different wavelength arrive the quantum router QR1 at different times. After arriving at the port A of QR1, weak pulses are dispatched to different ports and transferred to corresponding users: pulses of 1510 nm to Bob, pulses of 1530 nm to Cathy and pulses of 1550 nm to Daniel. Each client uses an interferometer that is identical to the one used by Alice to demodulate pulses and detects them with a SPD. Synchronous pulses are detected by a InGaAs PIN detector DET. The output of the DET is used to trigger the corresponding SPD and circuit board RECV. The whole process is controlled by two computers, one for the server and the other for three clients. The computers are connected to a local network, which establishes a public communication channel to exchange instructions and key data. At the output of Alice, a electronic control optical attenuator eATT is used to attenuate laser pulses and simulate different transmission lengths. Fig. 5 shows the experiment result of sifted keys. We compare the data of keys from transmitter and receiver to get the number of error bits after doing QKD. The ratio between

Fig. 5. The upper figure is quantum bit error rates (QBER) of different wavelengths as function of the attenuation value of eAtt. The lower figure is transmission lengths as function of the attenuation value of eAtt.

amounts of error bits and total bits is the QBER in Fig. 5. We can see that three links have different QBER under same attenuation. That because the dark count rates of three SPDs are different. With error correction and key reversion operation, four users can share same keys. 4. Conclusion To conclude, we have proposed a quantum key distribution network based on a quantum router containing wavelength division multiplexers. Using current commercial WDM products with a point-to-point QKD protocol we can easily build a feasible quantum cryptography network with at least 40 users to cover a region of 50 km in diameter. Using server–client model, key unicast, multicast or broadcast is available. Furthermore, a 4-user demonstration network is built up and key exchange is performed. Acknowledgements This work was funded by the National fundamental Research Program of China under Grant No. 2006CB921900, National Science Foundation of China under Grant Nos. 60537020 and 60621064 and the Knowledge Innovation Project of Chinese Academy of Sciences. Tao Zhang and Xiao-fan Mo contributed equally. References [1] C.H. Bennett, G. Brassard, Quantum cryptography: Public key distribution and coin tossing, in: Proceedings of IEEE International Conference on Computers, Systems and Signal Processing, Bangalore, India, 1984, p. 175. [2] C.H. Bennett, Phys. Rev. Lett. 68 (1992) 3121. [3] D. Stucki, N. Gisin, O. Guinnard, G. Ribordy, H. Zbinden, New J. Phys. 4 (2002) 41.

3962

T. Zhang et al. / Physics Letters A 372 (2008) 3957–3962

[4] C. Gobby, Z.L. Yuan, A.J. Shields, Appl. Phys. Lett. 84 (2004) 3762. [5] Z.-F. Han, X.-F. Mo, Y.-Z. Gui, G.-C. Guo, Appl. Phys. Lett. 86 (2005) 221103. [6] X.-F. Mo, B. Zhu, Z.-F. Han, Y.-Z. Gui, G.-C. Guo, Opt. Lett. 30 (2005) 2632. [7] P. Townsend, S. Phoenix, K.J. Blow, S. Barnett, Electron. Lett. 30 (1994) 1875. [8] P.D. Townsend, Nature 385 (1997) 47. [9] V. Fernandez, R.J. Collins, K.J. Gordon, P.D. Townsend, G.S. Buller, IEEE J. Quantum Electron 43 (2007) 130. [10] C. Elliott, New J. Phys. 4 (2002) 46. [11] C. Elliott, A. Colvin, D. Pearson, O. Pikalo, J. Schlafer, H. Yeh, quantph/0503058.

[12] G. Brassard, F. Bussires, N. Godbout, S. Lacroix, Entanglement and wavelength division multiplexing for quantum cryptography networks, in: Quantum Communication, Measurement and Computing, 2004, p. 323. [13] P.D. Kumavor, A.C. Beal, E. Donkor, B.C. Wang, Demonstration of a sixuser quantum key distribution network on a bus architecture, in: Quantum Information and Computation V, Orlando, FL, USA, 2007, p. 65730. [14] K. Takada, M. Abe, T. Shibata, K. Okamoto, Electron. Lett. 38 (2002) 572. [15] M.K. Smit, Progress in AWG design and technology, in: Proceedings of WFOPC 2005: 4th IEEE/LEOS Workshop on Fibres and Optical Passive Components, 2005, p. 26. [16] W.-Y. Gu, J. Zhang, J.-Q. Wang, H. Li, J.-W. He, Optical Transmission Network, China Machine Press, 2003.