**Q**. What is Cryptography? Why do we need it?

Cryptography has been an integral part of human history. Even in ancient times, people have been trying to keep valuable information secret. They have always been trying to find new means of secure communication, such that other than the recipient and the sender, no one else can know the secret message. To keep a message secret, we encrypt the message with a secret key (known only to the recipient and the sender). To find the original message, the recipient uses the secret key to decrypt the encrypted message.

With the ever-increasing success of technologies, cryptography plays an indispensable role in this Information age. Every day billions of people are performing sensitive tasks – online banking, secret messaging, data storing, chip-based credit card transactions to name a few. That is why a considerable amount of human resources and capital are being invested in creating and analyzing protocols for secure communication.

**Q**. What is quantum cryptography? Does it truly provide better security?

Current classical encryption methods rely on the fact that an adversary can no longer find the encryption key within a specific amount of time. It assumes that the adversary has limited computation power. The security relies on the hardness of a computational problem that cannot be solved in a reasonable timeframe with limited resources. Some of these protocols will no longer be secure with the advent of new quantum technologies, e.g., the RSA cryptosystem can be broken using Shor’s quantum algorithm.

However, there exist other encryption schemes, such as the one-time pad symmetric scheme, which requires a secret key of the same length as the message that can only be used once. Such a system is not vulnerable to future developments in computational power and thus provides everlasting security. Quantum mechanics provides the perfect platform for one to realize such a secret key through the quantum key distribution protocol or QKD.

**Q**. Can you elaborate on QKD?

QKD allows two honest distant parties, traditionally named Alice and Bob, with access to an untrusted quantum channel and an authenticated classical channel, to share a secure key that remains secret to any adversary, usually referred to as Eve. The quantum channel is insecure and considered to be controlled by Eve while the classical channel is authenticated, meaning communication over this channel can be monitored by Eve but cannot be altered, i.e., Eve cannot pretend to be either Alice or Bob. A QKD protocol consists of two steps: quantum communication and classical post-processing.

The quantum communication step comprises two parts: the distribution of quantum states through the quantum channel and the measurement of these quantum states. In classical post-processing, the data obtained from the measurement is processed into a secure key.

In 1984, Bennett and Brassard first introduced QKD with single photons acting as the information carrier. The exchanged quantum states are encoded into the polarization, phase, or time bin of the transmitted qubits, and the secret key is established upon detection of the individual photons. These protocols are referred to as “*discrete-variable*” (DV) QKD. The measurement apparatus for such protocols is a single-photon detector, which detects a click when a photon has hit the detector or no click otherwise.

**Q**. But you work in continuous-variable QKD. How is it different from the DV protocols?

The idea was to exploit degrees of freedom in phase space, which resulted in measuring the quadratures of the electric field (position and the momentum) of the incident light using interferometric detection schemes widely used in high-speed telecom networks, yielding continuous values as a measurement result. Thus the name “*continuous-variable*” QKD or CV-QKD.

The main advantage of CV-QKD is the simplification of implementation, as one can use only standard telecommunication components that are much more mature from a technological point of view than single-photon detectors whose primary use is QKD. This suggests that CVQKD holds the potential for large-scale deployment using the current coherent telecommunication networks. In fact, in our latest work, we tried an avenue that brings us a little closer to the possibility of large-scale deployment.

**Q**. Please explain a little bit more about your work.

Establishing security for CV-QKD protocols is harder than that of DV protocols, simply because continuous-variable states (coherent states, Gaussian states, etc.) lie in a bigger Hilbert space (the state space) compared to the discrete-variable states. Previous security proofs of CV-QKD required these coherent states to be randomly chosen from an infinite set of states derived from a continuous distribution, which cannot be accurately prepared in real-world systems.

In our latest work, we analyze a CV-QKD protocol that uses only four coherent states, which can be reliably prepared with available optical technology. Not only does this make the state preparation simpler, but the error reconciliation step during post-processing is simplified as well. The analysis shows that this protocol could securely transmit a secret key over distances ranging from 50 to 150 km, depending on the noise in the transmission channel.

The protocol still has some limitations:

- The assumption that the receiver has perfect knowledge of the channel’s noise.
- We prove security against a special type of attack called collective attack, not against general attacks in the asymptotic limit of infinitely long keys, not finite-sized keys.
- The mentioned protocol performs well only for low values of
*alpha*(amplitude of the coherent state).

We are working towards removing these limitations. This research work is published in Physical Review X.

Q.This was your last published work. What have you been working on since then?

We have been working on a quantum money scheme in the continuous-variable framework. Wiesner introduced the quantum money scheme in the early ‘70s. A quantum money scheme aims to protect the money from being counterfeited. This is accomplished by combining the money with a secret key that has been encoded into quantum states.

The scheme involves three parties – a mint, a bank, and a client. The mint generates the money (quantum states). The states are chosen from a finite ensemble set of quantum states. These states are then stored in a quantum memory, assigned with a unique serial number, and finally handed to a client. This sequence of states is stored by the mint in a classical key and shared with the bank. Depending on whether the key is kept secret or made public, the money schemes are categorized into two categories:

- Private-key (cheque and credit card services): Since the key is kept secret, only the banks can check the validity of the money.
- Public-key (banknotes): Anyone can check the validity of the money.

In private-key quantum money schemes, there are two methods of verifying the validity of the money:

- Quantum verification: Here the entire money (states) has to be sent to the bank for verification, which requires a quantum channel.
- Classical verification: This process involves answering randomly selected challenge questions given by the bank.

Our current work involves analyzing a CV model of a private-key quantum money scheme with classical verification. The motivation behind this protocol is to facilitate the process of practical implementation. Here, we use coherent detection instead of single-photon detectors, which is the current industry standard in optical telecommunication. For such private-key money schemes with classical verification, counterfeiting is considered successful, if, for a given serial number, the adversary can answer two sets of independent challenge questions from two different banks simultaneously. The security relies on the fact that a single random challenge question can be answered with certainty, while any two randomly selected challenge questions cannot be answered with unit probability.

We propose a money scheme with an ensemble set of 4N coherent states. We numerically analyze the cases for N = 1 to 6 and find that the loss tolerance of the scheme improves with higher ensemble size. The region of operation for the money scheme also improves as we increase the ensemble size, i.e., the schemes are secure for a larger region of *alpha *(amplitude of the coherent state). Our analysis shows CV money scheme with a 13% loss tolerance is feasible. This opens up a new door to more practically feasible quantum money schemes. The manuscript is being prepared.