Quantum cryptography provides a secure means for distributing secret keys between two parties (usually referred to as Alice and Bob) on an optical network. A unique feature of the technique is that the secrecy of the keys is independent of the resources available to a hacker. In particular, their secrecy does not rely upon a difficult mathematical problem that could be solved, or a clever algorithm that could be cracked or even some ingenious hardware that might one day be reverse engineered.
The keys distributed using quantum cryptography can be used along with an algorithm to encrypt data or messages sent between the users, thereby ensuring their confidentiality. Only users in possession of the secret key can decrypt the data to recover the original message. One such encryption algorithm, called the ‘one-time pad’, simply makes binary additions of the data bits with those of the key, to form the encrypted message. A similar addition of the encrypted message and the key at the receiver's side recovers the original data.
The one-time pad requires that the encryption key is the same length as the data to be sent. Quantum cryptography provides a method to distribute sufficient key material to make the one-time pad viable for short, but highly confidential, messages. Data sent using the one-time pad can be guaranteed secret with certain probability, provided the key is used only once. Larger volumes of data can be encrypted using algorithms such as AES (Advanced Encryption Standard). These use keys of fixed length, for example 256 bits for AES, and thus allow a large volume of data to be sent with one short key that can be refreshed rapidly using QKD.
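The one-time pad described above, as an added example that is not part of the original page: binary addition is implemented as XOR, and a hypothetical `KeyPool` class stands in for key material that Alice and Bob have already received from the key distribution link. The names `KeyPool`, `otp_apply` and `reuse_leak` and all sample values are constructed for illustration; `reuse_leak` shows why the key must be used only once.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise addition modulo 2 of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("one-time pad key must be as long as the data")
    return bytes(x ^ y for x, y in zip(a, b))


class KeyPool:
    """Shared key material; each byte is handed out once, then never again."""

    def __init__(self, material: bytes):
        self.material = material
        self.offset = 0

    def remaining(self) -> int:
        return len(self.material) - self.offset

    def take(self, n: int) -> bytes:
        if n > self.remaining():
            raise ValueError("not enough unused key material")
        chunk = self.material[self.offset:self.offset + n]
        self.offset += n  # consumed bytes are never reissued
        return chunk


def otp_apply(pool: KeyPool, data: bytes) -> bytes:
    """Encrypt or decrypt: the same addition of key and data does both."""
    return xor_bytes(data, pool.take(len(data)))


def reuse_leak(key: bytes, m1: bytes, m2: bytes) -> bytes:
    """What an eavesdropper gets by adding two ciphertexts made with one key."""
    return xor_bytes(xor_bytes(m1, key), xor_bytes(m2, key))


if __name__ == "__main__":
    shared = secrets.token_bytes(32)  # constructed stand-in for distributed key
    alice, bob = KeyPool(shared), KeyPool(shared)
    msg = b"meet at noon"  # constructed sample message
    ciphertext = otp_apply(alice, msg)
    print(otp_apply(bob, ciphertext))  # Bob recovers the original message
    print(alice.remaining())  # key material left after a 12-byte message
    # With a reused key the key cancels out, leaving message1 XOR message2.
    print(reuse_leak(secrets.token_bytes(4), b"AAAA", b"AAAB").hex())
```

Both sides must consume the pool in the same order, so each message uses the same key bytes at Alice and at Bob.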
Other important uses for the keys distributed by quantum cryptography are to authenticate messages sent across the network, i.e. to identify their origin and integrity, and to identify users.