The strong correlations between entangled quantum systems, even widely separated, is a unique resource for quantum communication. It offers a fascinating method to distribute securely the cryptographic key used in the one-time pad cryptography method. In Quantum Optics 1, I presented the protocol BB84, invented by Charles Benett and Gilles Brassard, using the quantum properties of single photons to realize a fully secure exchange of keys. Today, you will discover the method invented by Artur Ekert, based on two entangled photons to generate simultaneously two identical keys, without the possibility of a third copy being produced. In lesson seven of Quantum Optics 1, I presented the one-time pad cryptography method proved to be absolutely secure by Claude Shannon. Two partners, Alice and Bob, have two identical random series of numbers, say zero and one, used to encode and decipher a secret message, which can then be transmitted on a public channel. In order to guarantee the absolute security, the message must not be longer than the encoding key, to prevent use of regularities to uncover the code. It means that after sending messages with a total length equal to the length of the key, Alice and Bob must renew the key. They must receive two new identical series of zero and one, without the eavesdropper, Eve, being able to get his own copy of the key. In 1992, Artur Ekert proposed a method based on polarization-entangled pairs of photons, to simultaneously generate, at two distant places, two identical sequences of zeros and ones. Remember what you learned last week, and you should be able to guess yourself the basic idea. At each polarizer, the results plus one and minus one are happening randomly with equal probabilities. But If the polarizers are aligned along the same direction, there is a total correlation between the random results on both sides. They are either both plus one or both minus one, and the crossed cases never happened. So, the process itself, in its very fundamental nature, produces two identical random sequences on each side. These can be used as two identical encoding decoding case, generated at each side. I've replaced the minus one outcome of the polarizer by zero, to respect the usual convention in cryptography. A remarkable feature of the Ekert protocol is that the eavesdropper, Eve, cannot intercept enough information to get his or her own copy of the key. Can you find the fundamental reason? It was given last week, when I explained how quantum calculations allow us to make an image of the correlations in our ordinary space. According to the image built from the projection postulate, the value of each beat of the key, is decided only at the last moment, when the measurements are performed on the photons. So, between the source and the polarizers, the key does not exist yet. There is nothing to spy. Fascinating, isn't it? Cryptographists must be paranoiac, and consider any possibility for smart eavesdropper to get what they want to hide. Here might be a possibility: let us suppose that the eavesdropper knows a priori what the direction b of the polarizer of Bob is. He or she can then insert, between the source and Bob, a polarizer oriented along the direction b, and observes the results plus one or minus one, he or she finds. He or she then sends a photon polarized along b or perpendicular to b depending on the result. He plays the role of the first measurement that collapses the entangled state, and both Alice and Bob will find the same result as him. As a result, the eavesdropper has a third copy of the key. To beat such a smart and well-equipped eavesdropper, it is possible to use a basic quantum property of single photons, already used in the BB84 method. It is not possible to determine the polarization of a photon, unless one knows a priori along which set of orthogonal axis it is expected to be polarized. To beat the eavesdropper, Alice and Bob will then choose randomly their polarizers' orientations, along directions making relative angles with values zero, or pi over eight, or three pi over eight, or over orientations. The set of orientations shown here correspond to that situation. Now, when the sequence is finished, Alice and Bob can communicate on a public channel to know the cases when the angles were zero, and when they were pi over three or three pi over three. The first series of data, corresponding to an angle zero between the polarizers, allows Alice and Bob to obtain the two identical keys. The second series of data allow them to check that the correlation they find are the ones expected for the EPR pairs, at known angles of the polarizers. If there is an eavesdropper making a measurement along another direction than the one of Bob, the correlations will be different from the ones expected for the EPR pairs. In that case, Alice and Bob know that there is a spy on the line, and they will refrain from using the key. The method above is based on the assumption that the exact correlation predicted by quantum mechanics is the one that should be observed. In fact, the method is more general, independent of any precise modeling of correlations. It's suffices to make Bell's inequality test and to observe a violation of Bell's inequality to know that there is no eavesdropper on the quantum channel. Any idea of the fundamental reason for that statement? I already mentioned the basic reason why generating two identical keys with EPR integral photon is sure. It is because a key does not exist until the moment when Alice and Bob perform their measurement. But what happens if an eavesdropper makes a measurement before Alice and Bob? Then it creates a key, But by doing so, this makes the quantum state become a factorized state where each photon is in a well defined polarization. Then the correlation observed by Alice and Bob must obey Bell's inequalities. I will not demonstrate it, but I can tell you that in the state resulting from the action of the eavesdropper, the quantum correlations predicted for Alice and Bob assume a form analogous to the one written for any local supplementary parameters model, that is to say, a convex sum of products of terms associated with each polarizer. So, because of the presence of the eavesdropper, Alice and Bob will find the value of S that never violates Bell's inequalities. In contrast, if they find some correlation with S combination violates Bell's inequalities, they can be sure that there is no spy on the quantum channel. This is called an unconditional security test, since it does not rely on any model allowing one to predict in advance which correlations they should find. You may ask then why choose specific angles, pi over eight or three pi over eight? It is not a bad idea to try these angles, but if it does not work, you can try other angles. In principle, it is enough to find one set, a,a', b,b' of orientations, where a Bell inequality is violated to be sure that no spy has a copy of the key.