RU2730554C1 - Method of detecting an attack on quantum states in a quantum communication channel - Google Patents

Abstract

FIELD: quantum cryptography.SUBSTANCE: invention relates to the field of quantum cryptography. Technical result is achieved due to the fact that at the stage of transmission of the series of packages the length of the series of parcels is set and for each sending in the series the preparation of the transmitting and receiving sides is performed, transmission of the sending by the transmitting side and reception of the sending by the receiving side, wherein preparation of transmitting side includes selecting randomly and equitably one of two transmission side bases, selecting randomly and equitably one of two phase values in the selected basis, synchronizing the total time between the transmitting and receiving sides and preparing the transmitting side of the quantum state which unambiguously corresponds to the selected phase value.EFFECT: technical result consists in provision of detection in systems of quantum cryptography with phase and polarization encoding of false quantum states in quantum communication channel generated by intruder.3 cl, 6 dwg

Description

The technical field to which the invention relates

The invention relates to the field of quantum cryptography, namely, protection against attacks on quantum states, using different time dependences of the sensitivity of single-photon detectors, in quantum cryptography systems with phase and polarization coding.

State of the art

Quantum cryptography solves the central problem of symmetric cryptography, namely, the problem of distributing cryptographic keys, which are a random identical sequence of zeros and ones on the transmitting and receiving sides, unknown to the third party. The distribution of keys occurs by matching - synchronizing two independent pre-generated random sequences at the transmitting and receiving sides by transmitting a series of quantum states through an open and intrusive quantum communication channel (optical fiber or atmospheric channel), from the transmitting side to the receiving side. Quantum states are selected on the transmitting side in accordance with a random sequence on the transmitting side, and subsequent measurements on the receiving side, which are selected in accordance with a random sequence on the receiving side. The measurements are chosen in such a way that in the messages where the basis of measurements on the receiving side and the basis for preparing quantum states on the transmitting side coincided, the quantum states, respectively, the key bits, in the absence of intrusions into the communication channel, are identified unambiguously and without errors. The numbers of parcels where the bases of the transmitting and receiving sides did not coincide are discarded by means of messages through an open authentic classical communication channel. Thus, the random sequences are synchronized.

From the prior art, methods for detecting eavesdropping attempts (attack detection) when intruding into a quantum communication channel are known, based on the laws of quantum mechanics, which ensure that an intrusion into a quantum communication channel will lead to distortion of transmitted quantum states and, accordingly, to errors on the receiving side ... The fact of intrusion into the quantum communication channel is detected by the occurrence of errors on the receiving side. For this, part of the messages - the positions and values of the bits in these positions on the transmitting and receiving sides, are revealed through an open authentic classical communication channel, then they are compared, and the percentage of errors is estimated. In the future, the expanded part of the sequence is discarded. The laws of quantum mechanics allow for a given observed percentage of errors to obtain an upper bound for information leakage to the eavesdropper. If the percentage of errors, respectively, the leakage of information to the eavesdropper, is less than the critical value, then errors in the unrevealed part of the sequence are corrected by exchanging classical information through an open authentic communication channel. As a result, there is a common cleared key, identical on the transmitting and receiving sides, about which the eavesdropper has partial information, provided that the observed percentage of errors is less than the critical value. The cleared key is compressed by means of hash functions, by means of messages through an open classical communication channel, to the final secret key - a bit string of shorter length, about which the eavesdropper no longer has any information. The choice of hash functions is carried out openly through the classic authentic communication channel.

Quantum cryptography systems are open systems; intrusion into the communication channel can be realized by active sensing by means of laser radiation of the state of the transmitting and receiving equipment or by changing the parameters of the equipment. Quantum cryptography systems use single-photon detectors to register quantum states, which usually operate in a gated mode. A short strobe voltage pulse is superimposed on the detectors at the moment of the arrival of the photon. In the absence of a gate voltage, the detector is inactive. Quantum efficiency of a single-photon detector - the probability of detecting a photon inside a gate pulse, depends on time and is determined by a specific type of detector. In systems of quantum cryptography with phase and polarization coding, two single-photon detectors can be used, which have different dependences of sensitivity as a function of time (Fig. 1). The probability of registering a quantum state of radiation with a duration less than the strobe duration depends on the duration of the quantum state and its position in time. During normal operation of the system, the position in time and the duration of the quantum states are chosen so that they fall within the time sensitivity region of both detectors (Fig. 1).

Closest to the claimed invention is a method for detecting attacks on quantum states in a quantum communication channel, implemented according to the BB84 protocol (S.N.Bennett and G. Brassard, in Proceedings of the IEEE International Conference on Computers, Systems, and Signal Processing (IEEE Press , New York, 1984), pp. 175-179.). The method includes the steps of generating keys, described above, using the quantum cryptography system, also described above, the step of estimating the number of errors, in which an attack is detected by the magnitude of the error. If the error in the communication channel is less than about 11%, then the information available to the eavesdropper obviously does not exceed the mutual information between the receiving and receiving sides, and secret data transmission is possible. Error detection and correction is carried out by mixing and dividing the synchronized sequences into blocks, which are checked for parity in several iterations, decreasing each size of precisely those blocks whose parity does not match. However, this method is characterized by certain drawbacks, namely, if the duration of the quantum state and its position in time within the gate pulse are selected in such a way that the state does not fall within the maximum of the detector sensitivity curve (the state is not covered by the detector sensitivity curve), then the state is not registered. ... An eavesdropper can replace true quantum states with fake states with a shorter duration and position in time, thereby imposing a detector count or no report for a preselected message on one of the two detectors. Such attacks on technical implementation, using different time dependences of the sensitivity of single-photon detectors, are known from the prior art (Effects of detector efficiency mismatch on security of quantum cryptosystems, Vadim Makarov, Andrey Anisimov, and Johannes Skaar, Physical Review, A74, 022313 (2006) ). With such an attack, the eavesdropper knows the entire key, does not make errors on the receiving side and is not detected, the system is vulnerable to such an attack and does not ensure the secrecy of the keys.

The technical problem solved by the present invention is the impossibility of detecting an attack using different time dependences of the sensitivity of single-photon detectors, in quantum cryptography systems with phase and polarization coding, characterized by false quantum states generated by the eavesdropper, for which the duration and position in time are chosen in such a way, that the quantum states are outside the maximum of the sensitivity curve of the detector registering it.

Disclosure of the essence of the invention

The technical result of the invention is the detection in quantum cryptography systems with phase and polarization coding of false quantum states in the quantum communication channel, generated by the eavesdropper, in the form of inconsistencies detected during the exchange of information between the transmitting and receiving sides via an open communication channel.

The technical result is achieved by implementing a method for detecting an attack on quantum states in a quantum communication channel between the transmitting side and the receiving side, including the stage of transmitting a series of messages, the stage of exchanging information via an open communication channel, the stage of detecting the attack, while

at the stage of transmitting a series of parcels, the length of the series of parcels is set, and for each parcel in the series, the transmitting and receiving sides are prepared, the parcel is transmitted by the transmitting side and the parcel is received by the receiving side, while

preparation of the transmitting side includes randomly and equiprobably choosing one of the two bases of the transmitting side, choosing randomly and equiprobably one of the two phase values in the selected basis, synchronizing the total time between the transmitting and receiving sides and preparing the transmitting side of a quantum state that uniquely corresponds to the selected phase value;

preparation of the receiving side includes randomly and equally probable selection of one of two phase values as the basis of measurements; and for each selected phase value, the measurement basis is randomly and equally likely to be changed to orthogonal or the basis is left unchanged;

sending a message by the transmitting side includes transferring a quantum state prepared on the transmitting side to a quantum communication channel;

receiving a message by the receiving side is carried out at the input of a quantum state transformer, equipped with two outputs, followed by registration of the signal by one of the detectors installed at each of the outputs of the quantum state transformer, depending on the received quantum state and the phase value, pre-selected randomly and equally probable on the receiving side;

at the stage of information exchange via an open communication channel, the transmitting side transmits to the receiving side or the receiving side transmits to the transmitting side information about the selected basis for each transmitted or received message, the receiving side generates an updated series of messages by removing from the received series of messages for which the bases are selected on the transmitting and host parties are not the same;

at the stage of detecting an attack, the number of non-coinciding messages in the transmitted and received series is determined, and each mismatch is interpreted as an attack on quantum states in a quantum communication channel,

A Mach-Zehnder interferometer can be used as a quantum state converter, and avalanche single-photon photodetectors as detectors on the receiving side.

Thus, the technical result is achieved when using a method for detecting an attack on quantum states in a quantum communication channel in quantum cryptography systems with phase and polarization coding, in which the eavesdropper knows the entire cryptographic key and is not detected, where, according to the claimed invention, the receiving party in each measurement basis randomly chooses not one phase value, as was the case in known systems, but two phase values: phase 0 or pi in one basis, and phase pi / 2 or 3pi / 2 in another basis. Due to such a random choice of phases during an eavesdropper attack using a different time dependence of the sensitivity of single-photon detectors, errors inevitably occur on the receiving side, through which the eavesdropper is detected.

Brief Description of Drawings

The invention is illustrated by drawings, where Fig. 1. is a diagram of the implementation of the transfer of the state corresponding to the value 0 when the bases of the transmitting and receiving sides coincide; in fig. 2 is a diagram of the implementation of the transfer of the state corresponding to the value 1 when the bases of the transmitting and receiving sides coincide; in fig. 3 is a diagram illustrating the transfer of phases from different bases; in fig. 4 is a diagram of the state transfer process when the basis of the eavesdropper coincides with the bases of the transmitting and receiving sides; in fig. 5 is a diagram of the state transfer process when the basis of the eavesdropper does not coincide with the bases of the transmitting and receiving sides; in fig. 6 is a diagram of a process for detecting eavesdropping attempts.

Detailed description of the implementation of the invention

The claimed invention presents a method for detecting and protecting against an attack using a different time dependence of the sensitivity of single-photon detectors in quantum cryptography systems with phase encoding and polarization.

Below is a description of the operation of the quantum key distribution system in the absence of an attack, and then the attack itself, using different time dependences of the sensitivity of single-photon detectors, and a method for detecting such an attack.

An attack on phase-coded quantum key distribution systems on the example of the BB84 protocol (S.N.Bennett and G. Brassard, in Proceedings of the IEEE International Conference on Computers, Systems, and Signal Processing (IEEE Press, New York, 1984), pp. . 175-179.), Which is the basic protocol, is carried out as follows (for systems with polarization coding and other protocols, the attack is carried out similarly).

In the BB84 protocol, two bases + and x are used, which on the transmitting side are chosen randomly and equiprobably in accordance with the random sequence O and 1. Inside each basis, one of the two phase values is also randomly and equally probable in accordance with a random sequence, the phase value is uniquely compared with a quantum state prepared on the transmitting side. In phase-coded quantum cryptography systems, each quantum state is a pair of quasi-single-photon coherent states of the form (Figs. 1, 2) localized in time windows 1 and 2

амплитуда квазиоднофотонного когерентного состояния, индексы 1 и 2 обозначают временные окна (фиг. 1), выбор базиса и состояний внутри каждого базиса фиксируется выбором относительной фазы между квазиоднофотонными состояниями внутри пары (фиг. 1, 2), относительная фаза когерентных состояний, локализованных во временных окнах 1 и 2 в базисах + и х, имеет видWhere

the amplitude of the quasi-single-photon coherent state, indices 1 and 2 denote time windows (Fig. 1), the choice of the basis and states within each basis is fixed by the choice of the relative phase between the quasi-single-photon states inside the pair (Figs. 1, 2), the relative phase of the coherent states localized in time windows 1 and 2 in bases + and x, has the form

The time dependences of the sensitivity of single-photon detectors are different (Figs. 1, 2).

In the normal mode of operation, the duration of quantum states and the position in time are chosen so that the states fall into the common region in time dependence of the sensitivity of both single-photon detectors D1 and D2 (Figs. 1, 2).

в базисе х,

. Выбор фазы производится наложением напряжения на фазовый модулятор в плече интерферометра Мах-Цандера (МЦ) (фиг. 1, 2).On the receiving side, the choice of the measurement basis - either + or x basis is made randomly and equally probable in accordance with a random sequence on the receiving side. In the basis +, the phase values are selected

in the basis x,

... The choice of the phase is made by applying voltage to the phase modulator in the arm of the Mach-Zehnder interferometer (MC) (Figs. 1, 2).

Before detecting states on the transmitting side in phase-coded quantum cryptography systems, the states coming from the quantum communication channel are transformed on the MC interferometer (Figs. 1, 2).

The probability of counting on the detectors in the central time window 2 (Fig. 1 - left half) is determined by the phase difference between the transmitting and receiving sides. The intensity at detector D1 is proportional to

and on detector D2 is proportional to

If the bases of the transmitting and receiving sides coincide, then when the phase difference of the states selected by the transmitting side and the receiving side ϕ _A- ϕ _B = 0, constructive interference occurs at the input of the detector D1 (Fig. 1, where the left half corresponds to the situation when 0 in the + basis, Fig. 2 corresponds to the situation when 1 was sent in the + basis), which will lead to a reading in the detector D1 in the central time window 2. In other words, when the bases coincide, for example, the + basis, the transmitting side chooses phase 0, and the receiving side, phase 0, then after transformations of the input states on the MC interferometer, ideal constructive interference will take place on the D1 detector. Due to destructive interference at detector D2, the detector will not trigger (Fig. 1 left half). The count of the detector D1 is interpreted as logical 0 (Fig. 1 left half).

If the transmitting side sent 1 in the + basis (Fig. 2 left half), which corresponds to the choice of the phase pi, then there will be constructive interference on the D2 detector, which will trigger the D2 detector. Due to destructive interference at the D1 detector, the D1 detector will not trigger (Fig. 2 left half). The D2 count is interpreted as logic 1.

Similarly, if the transmitting part sent state 1 in the + basis, i.e. the transmitting side chose the phase ϕ _A = π and the receiving phase ϕ _B = 0. In this case, constructive interference will take place at the detector D2 (Fig. 2 left half), which will lead to the reading of the detector D2. On the detector D1 (Fig. 2 left half) there will be destructive interference - no triggering of the detector D1 (Fig. 2 left half).

When the bases of the transmitting and receiving sides do not coincide, complete constructive or destructive interference does not occur at detectors D1 and D2 (Fig. 3).

The signal intensity regardless of the sent state (Fig. 3), respectively, the choice of phases in mismatched bases, will be proportional to both detectors D1 and D2:

if the phases ϕ _A and ϕ _B are selected from different bases, and regardless of the very choice of phases. The counting will take place on both detectors D1 and D2 (Fig. 3) with the same probability, regardless of which phase of the states is chosen by the transmitting and receiving sides.

During an attack, the eavesdropper breaks the quantum communication channel and uses equipment similar to the equipment on the receiving side for measurements in each message. The eavesdropper chooses a basis at random in each message, makes a measurement in the selected basis, and interprets the result as 0 or 1 in his chosen basis.

Further, in accordance with the measurement result, it resends a state similar to the state from the transmitting side, but in a different basis with respect to which the eavesdropper made his measurements.

The fundamental point of the eavesdropper's strategy is as follows: the duration and position in time of the fake state is always chosen so that it does not fall into the time sensitivity region of the one-photon detector that would have to register the resent quantum state in a given basis, i.e. .e. in the basis in which the overridden state is resent (Fig. 4).

Since the transmitting and receiving sides leave only those messages in which the bases coincided, then two situations are possible when the eavesdropper attacks.

The basis chosen by the eavesdropper, in relation to the basis of the transmitting / receiving side, was guessed correctly (note that the fact of correct or wrong choice of the basis is unknown to the eavesdropper during his measurements), then the eavesdropper receives the correct state upon registration. Further, the eavesdropper resends the opposite state to the one that he registered (if 0 is registered, sends 1, and vice versa) and in another basis (the measurements were in the + basis, then resends in the x basis, and vice versa) with a shorter duration and shifted relative to the sensitivity curve of the corresponding detector. If state 1 is resent, then the time shift relative to the sensitivity curve of detector D1 (Fig. 4), which should register a logic 0. As a result, resent states do not give erroneous samples. There is only a correct reading in the detector D1, where it should have been from the true states (Fig. 4).

The basis chosen by the eavesdropper in relation to the basis of the transmitting / receiving side was guessed incorrectly by the eavesdropper (Fig. 5). In this case, the readout from the eavesdropper can equally likely be in one of the two detectors. This follows from formula (1). Let for definiteness the basis of the transmitting and receiving sides is +, and the basis of measurements of the eavesdropper is x. The opposite situation is considered completely analogous. The eavesdropper re-sends states in the opposite basis with respect to which he made his measurements. Since the basis of the eavesdropper's measurements did not coincide with the basis of the transmitting and receiving sides, the eavesdropper will resend the states already in the correct basis, depending on the result of its measurements. In this case, two situations are also possible.

2.1) The count at the eavesdropper occurred in the detector D1 (Fig. 5). This count is interpreted by the eavesdropper as 0 in basis x. Then the eavesdropper resends the state 1 in the + basis, but of a shorter duration and shifted in time so that it does not fall into the sensitivity region of the detector D2 (Fig. 5). Since in this case an incorrect state is resent (1 in the + basis, the true state of the transmitting side is 0 in the + basis), this state gives constructive interference only at the D2 detector (Fig. 5), at the D1 detector there is an absence of a state due to destructive interference (Fig. 2). If the wrong state 1 in the + basis had not been shifted in time, then an erroneous count would have occurred. Due to the time shift of the wrong state (Fig. 5), there is no count on both detectors. The absence of counting is not an error; the absence of counts is attributed to line losses.

2.2) The eavesdropper has counted on the D2 detector. The eavesdropper interprets this count as 1 in basis x. The eavesdropper re-sends state 0 in the opposite basis +, shifted in time so that it does not fall in time into the time-sensitivity region of that single-photon detector (in this case, detector D1 (Fig. 5)), which should register the resent quantum state in this basis, in the basis in which the overridden state is re-sent (Fig. 5). As a result, there will be no readings on both detectors (Fig. 5). The absence of counts is not an error; the absence of counts is attributed to losses in the communication channel.

As a result of the attack, the eavesdropper knows the entire transmitted key, does not make errors on the receiving side - there are no erroneous samples and are not detected. The system does not ensure the secrecy of keys.

A similar situation takes place in polarization-coded systems.

The essence of the invention is illustrated in FIG. 6.

The method of measurements on the receiving side differs in that in each basis on the receiving side the phase values are randomly selected from two values. In basis + phases

are selected from the values 0 and π. In the basis x of two values π / 2 and π / 2

FIG. 6 on the left half shows a known method of measurements on the receiving side, on the right half shows the proposed method.

In the + basis, the choice of one phase value leads to the fact that the state 0+ arriving at the receiving side leads to constructive interference on the D1 detector and counting on it. The count on the detector D2 is absent due to destructive interference (Fig. 6).

If two phase values are selected in the + basis, then the readout in detector D1 or in detector D2 from the received state 0+ will take place depending on the choice of the phase on the receiving side. When phase 0 is selected, the count is in detector D1; when phase pi is selected, the count is in detector D2 (Fig. 6).

Similarly, if the detector receives 1+, then with one choice of the phase equal to O, the count will take place at the detector D2. With two phase values, the count will take place at both detectors depending on the phase selection. When the phase π is selected, the counting from the state 1+ will be at the detector D1 (Fig. 1); when the phase 0 is selected, the counting will take place at the detector D2 (Fig. 6).

Thus, at two values of the phases on the receiving side within the basis of the basis, the states corresponding to 0+ and 1+ give readings in both detectors, depending on the choice of the phase. A similar situation takes place in the x basis.

A random choice of two phase values within each basis leads to the fact that the eavesdropper will inevitably produce errors on the receiving side and will be detected.

Let the transmitting side send 0 in the + basis (Fig. 6). If the basis of measurements of the eavesdropper does not coincide with the basis of the transmitting and receiving sides - the eavesdropper has chosen the basis x, then the eavesdropper will equally likely receive a correct and an erroneous result.

Correct count (Fig. 6), count at the eavesdropper in detector D1 - is interpreted as logical 0 - correct result (Fig. 6).

The result - the reading on the D1 detector - is interpreted as Ox. In this case, the eavesdropper resends the state in the opposite basis 1+, shifted in time so as not to fall into the time curve of the sensitivity of the detector D2 - to block the reading in the detector D2 (Fig. 6).

In this case, the resent state will not produce an erroneous reading in the D2 detector, provided that the receiving side has chosen phase 0 in the + basis. However, if the receiving side has chosen the phase π, then the state 1+ will give constructive interference at the detector D1 (Fig. 6) and an erroneous reading on it, since with the true state 0+ and choosing the phase π, the counting from the true state 0+ at the detector at the detector D1 shouldn't be. There should be a reading only on the D2 detector (Fig. 6).

Erroneous count (Fig. 6), Count at the eavesdropper in detector D2 - interpreted as logical 1 - erroneous result (Fig. 6). The result - the reading on the D2 detector - is interpreted as 1x. In this case, the eavesdropper resends the state in the opposite basis 0+, shifted in time so as not to fall into the time curve of the detector Dl sensitivity - to block the count in the D1 detector (Fig. 6).

In this case, the resent state will not produce an erroneous reading in the D1 detector, provided that the receiving side has chosen phase 0 in the + basis. If the receiving side has chosen the phase π, then the 0+ state will give constructive interference at the D2 detector (Fig. 6) as it should be, since when the 0+ state is true and the π phase is selected; the count from the true state 0+ should be on the D2 detector (Fig. 6).

A similar situation takes place if the basis x is chosen by the transmitting and receiving sides.

Thus, the eavesdropper inevitably by his intrusion into the communication line during an attack using a different time dependence of the sensitivity of single-photon detectors, in quantum cryptography systems with phase and polarization coding, in which the eavesdropper knows the entire cryptographic key and is not detected, will be detected when using the proposed method, according to which the receiving side in each measurement basis chooses not one phase value, as was the case in known systems, but in each basis randomly chooses two phase values: phase 0 or π in one basis, and randomly phase π / 2 or -π / 2 in another basis, due to such a random choice of phases during an eavesdropper attack using a different time dependence of the sensitivity of single-photon detectors, will inevitably produce errors in those messages where the basis of the eavesdropper's measurements does not coincide with the basis of the transmitting and receiving sides.

A similar situation takes place in polarization-coded systems. In these systems, the phase values correspond to the photon polarization angles with respect to the selected coordinate system.

An example of implementation of the invention.

In order to demonstrate the effectiveness of the proposed method for the case of phase encoding, an experimental communication system with a quantum key distribution was implemented according to the scheme described in the article [Yi Zhao, Chi-Hang Fred Fung, Bing Qi, Christine Chen, and Hoi-Kwong Lo. Quantum hacking: Experimental demonstration of time-shift attack against practical quantum-key-distribution systems // PHYSICAL REVIEW A 78, 042333 (2008)]. To demonstrate the effectiveness of the proposed method in the case of polarization coding, an experimental communication system was implemented according to the scheme described in the article [Sebastien Sauge, Lars Lydersen, Andrey Anisimov, Johannes Skaar, and Vadim Makarov. Controlling an actively-quenched single photon detector with bright light // Optics Express Vol.19, Issue 23, pp. 23590-23600 (2011)]. In this case, the implementation of the proposed method was provided by supplying additional control signals from the random number generator to the phase modulator on the Bob side.

The eavesdropper attack on the communication channel was carried out according to the scheme described in the articles [Yi Zhao, Chi-Hang Fred Fung, Bing Qi, Christine Chen, and Hoi-Kwong Lo. Quantum hacking: Experimental demonstration of time-shift attack against practical quantum-key-distribution systems // PHYSICAL REVIEW A 78, 042333 (2008); Vadim Makarov and Johannes Skaar. Faked states attack using detector efficiency mismatch on SARG04, phase-time, DPSK, and Ekert protocols // arXiv: quant-ph / 0702262v3 23 Nov 2007].

In a series of experiments carried out for both phase and polarization coding, when transferring quantum states from Alice's side to Bob's side, the eavesdropper attempted to replace the quantum states intercepted in the communication channel with states generated by the eavesdropper. Moreover, each attempt was recorded in the form of a significant increase in the level of errors recorded on the receiving side. Thus, the effectiveness of the proposed method is confirmed experimentally.

Claims (10)

1. A method for detecting an attack on quantum states in a quantum communication channel between the transmitting side and the receiving side, including the stage of transmitting a series of messages, the stage of exchanging information over an open communication channel, the stage of detecting an attack, while at the stage of transmitting a series of parcels, the length of the series of parcels is set, and for each parcel in the series, the transmitting and receiving sides are prepared, the parcel is transmitted by the transmitting side and the parcel is received by the receiving side preparation of the transmitting side includes randomly and equiprobably choosing one of the two bases of the transmitting side, choosing randomly and equiprobably one of the two phase values in the selected basis, synchronizing the total time between the transmitting and receiving sides and preparing the transmitting side of a quantum state that uniquely corresponds to the selected phase value; preparation of the receiving side includes randomly and equally probable selection of one of two phase values as the basis of measurements; and for each selected phase value, the measurement basis is randomly and equally likely to be changed to orthogonal or the basis is left unchanged; sending a message by the transmitting side includes transferring a quantum state prepared on the transmitting side to a quantum communication channel; receiving a message by the receiving side includes sending the received message to the input of the quantum state transformer, equipped with two outputs and registering the signal with one of the detectors installed at each of the outputs of the quantum state converter, depending on the received quantum state and the phase value pre-selected randomly and equiprobably on the receiving side ; at the exchange stage via an open communication channel, the transmitting side transmits to the receiving side, or the receiving side transmits to the transmitting side information about the selected basis for each transmitted or received message, the receiving side generates an updated series of messages by removing from the received series of messages for which the bases selected on the transmitting and host parties do not match; at the stage of detecting an attack, the number of non-coinciding messages in the transmitted and received series is determined, and each mismatch is interpreted as an attack on quantum states in a quantum communication channel, 2. The method according to claim 1, wherein a Mach-Zehnder interferometer is selected as the quantum state transformer. 3. A method according to claim 1, wherein avalanche single-photon photodetectors are selected as detectors on the receiving side.

Images