The peculiar properties of quantum mechanics enable possibilities not allowed by classical physics. In particular, two parties can generate a random, secret key at a distance, even though an eavesdropper can do anything permitted by the laws of physics. Measuring the quantum properties of the signals generating the key, would ultimately change them, and thus reveal the eavesdropper’s presence. This exchange of a random, secret key is known as quantum cryptography.
Quantum cryptography can be, and has been proven unconditionally secure using perfect devices. However, when quantum cryptography is implemented, one must use components available with current technology. These are usually imperfect. Although the security of quantum cryptography has been proven for components with certain imperfections, the question remains: can quantum cryptography be implemented in a provable, unconditionally secure way, using components available with current technology? This thesis contains both a theoretical, and an experimental contribution to the answer of this question. On the experimental side, components used in, and complete quantum cryptography systems have been carefully examined for security loopholes. In particular, it turned out that two commercial quantum cryptography systems contained loopholes, which would allow an eavesdropper to capture the full secret key, without exposing her presence. Furthermore, this detector control attack could be implemented with current technology. The attack is applicable against a variety of quantum cryptography implementations and protocols.
The theoretical contribution consists of security proofs for quantum cryptography in a very general setting. Precisely, the security is proven with arbitrary individual imperfections in the source and detectors. These proofs should make it possible to use a wide array of imperfect devices in implementations of quantum cryptography.
Finally, a secure detection scheme is proposed, immune to the detector control attack and compatible with those security proofs. Therefore, if this scheme is implemented correctly, it offers provable security.
Trondheim NTNU, 2011.