An interferometric quantum cryptographic system at 1550nm wavelength using gated InGaAs Avalanche Photo Diodes as single-photon receivers is demonstrated for a transmission distance up to 40 km.
©1999 Optical Society of America
Quantum cryptography is a technique for establishing a fundamentally secure key for cryptography, using the encoding of the key on single-photon pulses in a way that quantum mechanics guarantees the detection of an eavesdropper . For optical wavelengths around 1300nm, experimental demonstrations include key generation at kbits/s up to 48km distance , quantum cryptography in 1300/1550nm field WDM system  with the quantum key (single-photons) at 1300nm and the encrypted data transmission at 1550nm, and a stable “plug and play” interferometric system on 23km installed telecom fiber , an improved version presented in . However, for 1550nm wavelength, there are few if any detailed results, as the performance of Avalanche Photodiodes (APD) used as single-photon detectors has been considered insufficient. It should be stressed that the extension of quantum cryptography to the third telecom window at around 1550nm is of some technological relevance. First of all, for the general applicability of quantum cryptography it is essential to demonstrate that it is compatible with the standard telecom network. Furthermore, at the optical wavelength of 1550nm, the fiber losses are 0.2 dB/km compared to 0.3dB/km for 1300nm wavelength. For a quantum cryptographic system (with the detector characteristics at both wavelengths taken to be equal), this translates into a possible 50 % increase in transmission distance at the same bit rate. Here we report on the implementation a 1550nm “plug-and-play” interferometric scheme for quantum cryptography, the system solution is the same as implemented by Gisin group in Geneva for 1300nm in . After submission of this work, we also have learned about , where an interesting new system is presented with preliminary results, which however is based on Germanium APDs at 1540nm wavelength. Normally these APDs are considered too insensitive at long wavelengths. A principal issue addressed here is both the performance of the detectors and the systems results.
Our single-photon detector is a liquid nitrogen cooled InGaAs APD operated in a gated mode. That is the bias voltage is lifted above breakdown only a few nanoseconds, when we expect a signal to arrive. A passive quenching circuit with a 320 kΩ series resistance providing the DC bias was used. The gate voltage was added on top of the bias, and the signal was measured over a 50 Ω load resistance. In Fig.1, we show the noise equivalent power (NEP = hν (2R)1/2 /η), where hν is the photon energy, η the APD quantum efficiency and R the dark count rate) as function of temperature. The operating temperature of the APD is adjusted with a heater in the cryostat. Interestingly, a good operating temperature is found around 210Kelvin (- 60 degrees Celsius), which implies that a simple Peltier cooling is possible. It is to be noted that Germanium APDs for 1300nm have to be cooled to 77Kelvin in order to have a good performance, making them less attractive for practical system implementations. Our best performance was obtained with an InGaAs APD C306444EJT-07 manufactured by EG&G. However, other work , indicates that APDs from other manufactures also may give a similar performance. We operate the APD at an excess bias voltage of 4V (breakdown voltage = 41.5 V), giving a quantum efficiency η of 18 % and using a gate width of 5 ns, we obtain a dark count probability Pd per pulse of Pd =2*10-4 in the counter.
In Fig. 2 we show the implemented “plug and play” quantum cryptography system set-up. By using Faraday mirrors (FM1 and FM2), any birefringence in the interferometer is compensated and no alignment is needed. To describe how the system works in brief: Bob sent a short laser pulse, which is split in two pulses, P1 and P2. P1 goes directly to Alice and back, while P2, is first delayed by the FM1-FM2 delay line and then travels to Alice and back. Alice and Bob encode their bits using a phase modulator PM2 only on P2 and PM1 only on P1 respectively. When the P1 pulse reaches the PINA detector, Alice measure its energy and time arrival to be able to know how much to attenuate to single photon level by using her attenuator A and when to start to phase modulate the pulses. The timing of the system is provided by a SRS 535 delay generator, which triggers the laser pulse generator PGL, the phase modulator PM1 via function generator FB, the gate pulse generator PGD and in this case also the phase modulator PM2 on Alice’s side driven by the function generator FA. For simplicity, we have here only implemented the so-called B92 protocol [4,8] using a two-state encoding. Alice and Bob defines the bit values “0” and “1” by choosing randomly 0 (digital “0”) and π = (digital “1”) phase shifts. The interference will be constructive (detection) and destructive (no detection) if the phase difference between Alice and Bobs phase shift is 0 or π respectively. Bits corresponding to no detection are disregarded. In this manner, Bob discloses to Alice if the interference was constructive or destructive, both will know if they had the same modulator setting or not, thus obtaining a joint string of secret bits. The issue on the difficulty of eavesdropping on this protocol is discussed in [4,8,9], but basically follows from that an eavesdropper must insert an interferometer on his own to infer the phase difference on the single photon pulse without Alice and Bob being able to determine this from either an increase in the error rate or a change in the power level of the pulses.
In the systems experiment, a DFB laser operating at 1550nm wavelength was directly modulated to produce 2ns long pulses with a repetition rate of 1KHz. The low source rate of 1kHz may easily be increased to 100kHz. Above this value one must be careful to avoid influence of dark counts due to after-pulsing from trapped charges in the APD. The pulses are sent from Bob along a spooled fiber before reaching the side of Alice where the pulses are attenuated to an average of 0.1 photons per pulse. The “classical” fringe visibilities Vc (using a pulse with many photons) of Vc = 98, 96 and 90 % were obtained for a propagation of 10, 30 and 40km respectively. The decrease of visibilities can be explained by timing and alignment difficulties for longer distances. The classical visibility basically allows us to separate the errors due to a non-perfect extinction ratio in the interferometric system, from the false counts to dark counts in the detectors. To experimentally infer the total system Quantum Bit Error Rate (QBER), i.e., the error rate before error correction, we measure the counts per second for constructive (Imax) and destructive interference (Imin). The QBER is then obtained  simply by dividing the number of false counts, i.e. counts in the detector when the interference is destructive, with the counts obtained when the interference is constructive. We obtain a QBERs = Imin / (Imax+Imin) of 3, 6 and 9% for a propagation of 10, 30 and 40km respectively. These error rates are below the 15% limit, above which error correction and privacy amplification cannot be used [1,9]. A theoretical expression for the QBER can be obtained as ,
where α is the fiber loss in dB/km and L is the transmission distance in km, and the other parameters were defined above. Using this, and our experimental results as a verification, we may extrapolate to find the longest transmission distance possible. In Fig. 3, we plot the QBER as a function of transmission distance, the solid lines are the theoretical results from Eq. 1, and the crosses are our experimental results. Note the exponential dependence due to the loss of photons in the propagation, i.e. the second term in the denominator of Eq. 1. Using the present experimental parameters, a secure key for up to 60 km would in principle be feasible, albeit the effective key-rate would be very low. To go beyond this distance, the dark counts should be decreased using shorter gate widths or a time-to-amplitude converter to trigger only on the rising edge of the current pulse of a photon detection. In curve (b) of Fig. 3, we show the predicted result (from Eq. 1) for a ten-fold decrease in dark count and a 99.5 % classical visibility. This extrapolation is realistic, and should be reachable soon. Our gating time is about 5ns, which could be reduced further. The limit should be set by the timing jitter of the APD detection which is around 200-300ps. Hence, if we assume that the dark counts occur uniformly within the gate pulse, a reduction of the gate time to 0.5ns would roughly give a tenfold reduction in dark counts. Higher visibilities can be obtained by picosecond timing resolution and more stable setup. All in all, such further improvements, well within reach, would open for more than 100 km secure key distribution. Finally we note that our setup can relatively easily be improved to be used for the so called four-states BB84 protocol [1,5] by adding a second APD at Bob’s side and with a four phase shift coding scheme (0, π/2, π, 3π/2). The interest in the four-state BB84 protocol is that it has a higher level of security compared to the two-state B92 protocol.
In conclusion, we have demonstrated the feasibility of quantum cryptographic systems operating at 1550nm up to 40km transmission distance. The key result is optimization of the InGaAs APD as it is used in the system, as well as the measured error rates in the full system. Improving the detection electronics, increasing the key rate, and using Peltier cooling of the detector, could lead to practical quantum cryptographic system at an optical wavelength of 1550nm for telecom applications capable of 100km transmission distances.
We would like to acknowledge the G. Ribordy, H. Zbinden and N. Gisin of the Group of Applied Physics, Univ. Geneva and R. Hughes of Los Alamos National Laboratories for useful discussions. This work was supported by the Swedish Technical Science Research Council (TFR) and Telia Research AB, Sweden.
References and Links
1. C. H. Bennett, F. Bessete, G. Brassard, L. Salvail, and J. Smolin, “Experimental quantum cryptography,” J. Cryptology 5, 3–23 (1992). [CrossRef]
2. R. Hughes, G. L. Morgan, and C. G. Peterson, “Practical quantum key distribution over a 48-km optical fiber network,” Los Alamos e-print archive quant-ph/9904038, submitted to J. of Mod. Opt.
3. P. D. Townsend, “Simultaneous quantum cryptographic key distribution and conventional data transmission over installed fiber using wavelength division multiplexing,” Electron. Lett. 33, 188–189 (1997). [CrossRef]
4. A. Muller, T. Herzog, B. Huttner, W. Tittel, H. Zbinden, and N. Gisin, “Plug and play” systems for quantumcryptography,” Appl. Phys. Lett. 70, 793–795 (1997). [CrossRef]
5. G. Ribordy, J. D. Gautier, N. Gisin, O. Guinnard, and H. Zbinden, “Automated ‘plug & play’ quantum key distribution,” Elec. Lett. 34, 2116–2117 (1998). [CrossRef]
6. J.-M. Merolla, Y. Mazurenko, J.-P. Goedgebuer, and W. M. Rhodes, “Single-photon interference in sidebands of phase-modulated light for quantum cryptography,” Phys. Rev. Lett. 82, 1656–1659 (1999). [CrossRef]
7. G. Ribordy, J. T. Gautier, H. Zbinden, and N. Gisin. “Performance of InGaAs/InP avalanche photodiodes asgated-mode photon counters,” Appl. Opt. 37, 2272–2277 (1998). [CrossRef]
9. H. Zbinden, H. Bechman-Pasquinucci, N. Gisin, and G. Ribordy, “Quantum cryptography,” Appl. Phys.B 67, 743–748 (1998). [CrossRef]