Instantiations of KCQ devoted specifically to ultrasecure data encryption at the physical layer are called the AlphaEta protocol in the US and the Y-00 protocol in Japan. Like BB84, AlphaEta uses either polarization states of light or temporal phase states of light to encode logical bits. Unlike BB84, AlphaEta uses on the order of ten to several thousand photons per logical bit—an important distinction. Whereas BB84 uses single photons, AlphaEta employs light beams comprising many photons. This basic fact facilitates AlphaEta’s relatively seamless incorporation into existing wired and wireless networks. Furthermore, AlphaEtaencrypted traffic can be amplified, while BB84 key generation traffic cannot.

Figure 2 provides a schematic of the AlphaEta protocol. As illustrated, AlphaEta requires a secret seed key, K, shared between allies A and B. A suitable mathematical algorithm extends K to a long pseudorandom running key, K ′, which is divided into bitstream blocks. An encryption algorithm combines blocks of bits from K ′ with each bit in the plaintext data, X, producing a block of ciphertext, ρ. Physically, each such block specifies a voltage driving a light modulator, which rotates the polarization or temporal phase states of all photons passing through it and contributing to the transport of a particular bit. A quantity, M, of polarization bases are available for the encryption, providing 2 × M possible rotations, since there are 2 possible electric field polarization states per basis, each denoting a logical 1 or 0.

Measuring each bit sent from A to B entails quantum mechanical uncertainty, because the state of polarization or phase is uncertain, mired in the quantum noise. The variances about the mean values of each possible state sent suffer significant overlap with neighboring states, as indicated in Figure 3. Each such uncertain ciphertext state sent by A will undergo measurement by ally B on the legitimate receiving end and by enemy E, if through snooping that enemy has managed to intercept some of the signal. Sharing a key with A, ally B can perform an optimal binary measurement in noise, while enemy E, who does not share a key, cannot. Instead, enemy E must perform a multiple choice, or M-ary (as opposed to binary), measurement on the signal. Consequently, ally B’s probability for error is significantly less than enemy E’s probability for error. In fact, enemy E’s bit error rate can be made arbitrarily close to 50%, the guessing limit. In other words, enemy E is forced to flip a coin regarding the value of each ciphertext bit sent. Each ciphertext bit can itself be ciphertext output from the most stringent mathematical-complexity-based encrypting algorithm known. AlphaEta therefore provides a physical barrier to successful snooping, augmenting mathematical-complexity-based security and effecting perfect security against ciphertext-only attacks by enemy E.

Enemy E can, however, execute a known plaintext attack on the system— an attack that can be launched against any cryptographic system presently in use. By knowing the plaintext, X, and the ciphertext, ρ, enemy E can execute an exhaustive search to determine the seed key, K. In standard mathematicalcomplexity- based systems, ρ is assumed completely known by E. In the AlphaEta environment, ρ is uncertain and E cannot ascertain any of the ciphertext bits. However, scientists believe that given sufficient time and resources, enemy E could eventually determine the seed key, K, though she cannot execute her attack via computer terminal and network alone. Rather, enemy E must execute her attack making imperfect physical measurements on a single enciphered message. Assuming she knows the exact encrypting algorithm, she can try every possible key/plaintext combination until hitting the right one. A resourceful enemy might eventually prevail, given sufficient time and resources to find that one in 2^K possible keys with which to crack the AlphaEta cipher. In current AlphaEta implementations, the possible number of keys approximates 2⁵⁰⁰—a huge number that can be made bigger still.⁵