A tamper-indicating quantum seal

Brian P. Williams, Keith A. Britt, and Travis S. HumbleQuantum Computing Institute, Oak Ridge National Laboratory, Oak Ridge, Tennessee USA 37831∗

Technical means for identifying when tampering occurs is a critical part of many containment andsurveillance technologies. Conventional fiber optic seals provide methods for monitoring enclosedinventories, but they are vulnerable to spoofing attacks based on classical physics. We addressthese vulnerabilities with the development of a quantum seal that offers the ability to detect theintercept-resend attack using quantum integrity verification. Our approach represents an applicationof entanglement to provide guarantees in the authenticity of the seal state by verifying it wastransmitted coherently. We implement these ideas using polarization-entangled photon pairs thatare verified after passing through a fiber-optic channel testbed. Using binary detection theory, wefind the probability of detecting inauthentic signals is greater than 0.9999 with a false alarm chanceof 10−9 for a 10 second sampling interval. In addition, we show how the Hong-Ou-Mandel effectconcurrently provides a tight bound on redirection attack, in which tampering modifies the shape ofthe seal. Our measurements limit the tolerable path length change to sub-millimeter disturbances.These tamper-indicating features of the quantum seal offer unprecedented security for unattendedmonitoring systems.

PACS numbers: 42.50.Ar,03.67.Bg,42.79.Sz

I. INTRODUCTION

Tamper-indicating optical seals are widely used for ver-ifying the integrity of enclosed systems, including stor-age containers, physical perimeters, and fiber networks[1–4]. Fiber-optic seals have proven especially useful foractively surveying large areas or inventories due to theextended transmission range and flexible layout of fiber[5, 6]. These seals operate as optical continuity sensorsthat confirm transmission of an encoded light pulse fromsource to receiver with tampering indicated by either theabsence of the light or an error in the received encoding.

In the classical setting, detection of tampering requiresfailure of the intruder to accurately replicate the originaltransmission. This is typically accomplished with “se-cret” information that is hidden from the intruder, forexample, the optical modulation sequence used to trans-mit pulses. This secret information, however, is vulner-able to discovery by the intruder using conventional sig-nal detection methods. Thus, in principle, an attacker isable to perfectly replicate the optical signal using a prioriknowledge, and the classical variant of an optical seal isvulnerable to an intercept-resend spoofing attack. In thiscase, the intruder has the ability to recover information,such as the frequency, bandwidth, and modulation, thatdescribes the classical state of the light. An exact dupli-cate of the transmitted signal can then be replicated bythe attacker and injected into the fiber, thus spoofing thedownstream sensor.

By contrast, cloning quantum information is prohib-ited by the linearity of quantum mechanics [7, 8]. At-tempts to clone quantum information, even optimally,necessarily introduce noise into the resulting state and

∗ williamsbp@ornl.gov

its subsequent observables [9]. These guarantees of theno-cloning theorem are well known from quantum keydistribution (QKD), where non-local correlations inher-ent to quantum states are used to secure correlated mea-surements outcomes between users [10]. A QKD eaves-dropper’s attempt to clone transmitted quantum statesintroduces additional noise into the observed results thatreveal her presence to the users [11–13]. In the contextof QKD, added noise manifests as larger bit-error ratesin the raw measurements and theoretical considerationshave set upper limits on the security of these systems.

We report how the no-cloning theorem can be appliedto the development of tamper-indicating seals. In partic-ular, we close the intercept-resent vulnerability for opti-cal seals by using entangled quantum states to monitorsignal continuity, and we demonstrate how the intercept-resent attack can be detected by monitoring the entan-glement between a pair of transmitted photons. Because

FIG. 1. A schematic of a tamper-indicating quantum opticalseal showing four major components: (a) an entangled pho-ton source, (b) reference and active fiber optic links, (c) anentanglement verification measurement, and (d) a monitoringsystem that process timestamped single photon detections.

arX

iv:1

508.

0533

4v2

[qu

ant-

ph]

15

Oct

201

5

2

entanglement between the photon pair can only be gen-erated at the authenticated transmitter, any attempt tospoof the receiver with a replicated photon is immedi-ately detected. We formalize detection of tampering interms of a statistical estimate of the entanglement andshow how entanglement distinguishes between an authen-tic seal state and a potential tampered seal. We im-plement these ideas using spectrally and polarization-entangled photon pairs as part of a quantum signal detec-tion system. Our results find a probability of detectionfor inauthentic signals greater than 0.99999 at a falsealarm rate of one in a billion for a 10 second samplinginterval.

We also present tight bounds on an intruder’s ability tospoof the seal using a second type of attack based on redi-rection of the signal path. The latter vulnerability ariseswhen the intruder changes the path length of the opti-cal signal, perhaps when rerouting around the intendedenclosure. Conventional approaches to detect this at-tack rely on anomalies in the signal time-of-arrival, whichis limited by the timestamping electronics. We employthe Hong-Ou-Mandel effect between energy-degenerateentangled photons to detect submillimeter path lengthchanges. Finally, we present a prototype implementa-tion and experimental results that validate detection ofthese various tampering methods with estimations of thetransmitted entanglement.

Entanglement has been proposed previously to offer anadvantage for various forms of tamper detection. Thisincludes our earlier efforts to demonstrate intrusion de-tection by monitoring the free-space optical transmis-sion of entangled states as a kind of a quantum tripwire[14]. Those experiments used a sensing configuration inwhich the polarization entanglement between two pho-tons transmitted to different measurement receivers wasquantified. This system was subsequently improved withthe development of non-local polarization interferome-try, which offers greater sensitivity to the transmittedstate while providing more efficient sampling [15]. Sim-ilar research for perimeter monitoring has applied theidea of interaction-free measurement to create an invis-ible quantum fence, in which the intruder is unable todetect the quantum signal state with very high proba-bility [16]. There have also been previous uses of en-tanglement verification applied to remote sensing, wherethe quantum statistics of a reflected signal are used toauthenticate the results of an imaging system [17].

The paper is organized as follows. In Sec. II, wepresent our model for the quantum seal, and we for-malize the problem of tamper detection using binary de-tection theory. In Sec. III, we detail the experimentalimplementation of the seal including the entangled pho-ton pair source, entanglement detection, and Hong-Ou-Mandel interference measurements. Additionally, the re-sults of our experimental studies to characterize seal per-formance in term of observed entanglement statistics andacquisition times are given in this section. We concludeour presentation in Sec. IV.

FIG. 2. A Bell-state analyzer (BSA) consists of two modeslabeled as 0 and 1 input to a symmetric beamsplitter, whoseoutput modes 2 and 3 direct to a pair of polarization ana-lyzers and single-photon detectors. A beamsplitter after thepolarization analyzer allow probabilistic detection of each co-incidence type.

II. THEORETICAL MODEL

A schematic diagram of a quantum seal prototype ispresented in Fig.1. It consists of a secure enclave thatgenerates and detects a quantum signal state and anunsecure area that corresponds with the system to bemonitored. The quantum signal state is a pair of pho-tons prepared in a polarization-entangled Bell state bycw-pumping of type-II spontaneous parametric down-conversion (SPDC). These photons are coupled into ac-tive and reference fibers, where the active fiber traversesthe unsecure area and the reference fiber remains insidethe secure enclave.

The footprint of the active fiber is configured to mon-itor access to an enclosure, for example, the inventoryof closed containers shown in Fig. 1. The reference fiberis co-located with the transmitter and effectively repre-sents a photon storage loop. Both fibers terminate ata Faraday mirror that reflects the photons and correctsfor any polarization scrambling prior to the return tip.After reflection, each photon is router by a circulators toone of the input ports of the Bell-state analyzer (BSA)shown in Fig. 2. The photons are subsequently detectedand the resulting information output port and polariza-tion enables partial discrimination of the Bell states andentanglement detection.

A. Entanglement Detection

The Bell-state analyzer (BSA) shown in Fig. 2 supportspartial discrimination between the polarization-encodedBell states [18, 19],∣∣Ψ±⟩ = (|H0V1〉 ± |V0H1〉)/

√2∣∣Φ±⟩ = (|H0H1〉 ± |V0V1〉)/√

2.

3

where Hi and Vi label horizontally and vertically polar-ized photons in spatial mode i. The states Ψ+ and Ψ−

have distinct detection signatures that allow determin-istic identification, whereas the Φ± states are not dis-tinguishable amongst themselves but are distinguishablefrom Ψ± 1 Moreover, consider an arbitrary two-photonpure state

|θ〉 = (a |H0, H1〉+ b |H0, V1〉+ c |V0, H1〉+ d |V0, V1〉

= (ah†0h†1 + bh†0v

†1 + cv†0h

†1 + dv†0v

†1) |0〉 (1)

where the photons are temporally indistinguishable, op-

erator q†i r†s creates q, r ∈ {h, v} polarization photons in

spatial modes i, s ∈ {0, 1, 2, 3}, (1 + δqrδis)-1/2q†i r

†s |0〉 =

|QiRs〉, and [qi, r†s] = δqrδis holds. We calculate the ex-

pected detection signature for this state in the BSA bydefining the operator transforms under the symmetricbeamsplitter as [20, 23]

h†0BS→(h†2 + ih†3

)/√

2 h†1BS→(ih†2 + h†3

)/√

2 (2)

v†0BS→(v†2 − iv

†3

)/√

2 v†1BS→(−iv†2 + v†3

)/√

2 (3)

where h†0 is the creation operator for |H0〉, etc. The cor-responding post-beamsplitter state is

|θ′〉= (1/2)[ia(h†22 + h†23 )− id(v†22 + v†23 ) + i(b− c)h†2v†2

− i(b− c)h†3v†3 + (b+ c)h†2v

†3 + (b+ c)v†2h

†3] |0〉 (4)

and the complete set of detection probabilities

Ph2h2= Ph3h3

= |a|2/2 (5)

Pv2v2 = Pv3v3 = |d|2/2 (6)

Ph2v3 = Ph3v2 =[|b|2 + |c|2 + (b∗c+ bc∗)

]/4 (7)

Ph2v2 = Ph3v3 =[|b|2 + |c|2 − (b∗c+ bc∗)

]/4. (8)

As required, the sum over all probabilities is unity. Coin-cidence probabilities involving different polarizations arerelated to the overlap of the input state in Eq. (1) withΨ±, i.e.,

Ph2v3 + Ph3v2 = |⟨θ|Ψ+

⟩|2 (9)

Ph2v2 + Ph3v3 = |⟨θ|Ψ−

⟩|2. (10)

We use the observed BSA detection statistics to dis-tinguish the Bell-state prepared by the secure enclavefrom any other possible signal state. We define thepolarization-correlation parameter

E ≡ Ph2v3 + Ph3v2 − Ph2v2 − Ph3v3 (11)

1 A complete BSA is possible using linear optics and hyperentan-glement [20–22].

which is positive (negative) when orthogonal polariza-tions at different (same) ports is most probable. For themonochromatic pure state of Eq. (1)

E = b∗c+ bc∗. (12)

The utility of E is that it places tight lower bounds on thestrength of the correlations expected from the receivedstates. For example, consider the separable state

|θs〉=(cosαh†0 + eiA sinαv†0)(cosβh†1 + eiB sinβv†1) |0〉(13)

for which

a = cosα cosβ b = eiB cosα sinβ (14)

c = eiA sinα cosβ d = ei(A+B) sinα sinβ, (15)

in Eq. (1) with phases α, β,A,B ∈ [0, 2π]. This restrictedstate leads to the correlation parameter

Es = sin 2α sin 2β cos(A−B)/2 (16)

that is strictly bounded as

− 1/2 ≤ Es ≤ 1/2. (17)

More generally, any separable mixture

ρs =∑k

wk∣∣θks ⟩ ⟨θks ∣∣ ,

with wk ≥ 0 and |θk〉 the k-th pure state also satisfiesthis bound, since∣∣∣∣∣∑

k

wkEks

∣∣∣∣∣ ≤∑k

wk/2 = 1/2. (18)

By comparison, the entangled states Ψ+ and Ψ− haveE = 1 and E = −1, respectively, while the cross-correlation parameter vanishes for the Φ(±) states. Thus,E > 1/2 indicates an entangled state, but E is not anentanglement metric. The sharp distinction in the pa-rameter E permits us to classify an arbitrary input stateas either Ψ-like entangled or not.

The analysis above neglects the finite temporal du-ration of each single-photon wavepacket in favor of asimplified monochromatic representation of the polarizedstates. In order to accurately model the time-of-arrivalfor each photon, we represent the Bell-state generated bythe source as a multi-mode entangled photon pair∣∣Ψ+

⟩=

1√2

∫dω

∫dω′f(ω, ω′)

×[h†0(ω)v†1(ω′) + v†0(ω)h†1(ω′)

]|0〉 . (19)

where f(ω, ω′) is the joint spectral amplitude of the pho-

ton pair and j†i (ω) creates a single j ∈ {h, v} polarizationphoton in spatial mode i ∈ {0, 1, 2, 3} with frequency ω.

4

For these continuous operators the commutation relationis

[ji(ω),ˆ†s(ω′)] = δj`δisδ(ω − ω′) (20)

The symmetric beam splitter relations are the same as inthe single frequency case, Eq. (2) and (3), and instead ofthe state given in Eq. (4), we have the post-beamsplitterstate

|θΨ+〉 =1

2√

2

∫dω

∫dω′f(ω, ω′)eiω

′td×(−i[h†2(ω)v†2(ω′)− v†2(ω)h†2(ω′)]

− i[v†3(ω)h†3(ω′)− h†3(ω)v†3(ω′)]

+ [h†2(ω)v†3(ω′) + h†2(ω′)v†3(ω)]

+[v†2(ω′)h†3(ω) + v†2(ω)h†3(ω′)])|0〉

where td is the potential delay between the reference andactive photon arrival times. This delay arises when thepath length of active photon is shortened (td < 0) orlengthened (td > 0). The multi-mode detection proba-bilities are now given as

Pji`s =

∫T

dτ | 〈0| ji(t)ˆs(t+ τ)|Ψ+′

〉|2 (21)

where

ˆji(t) =1√2π

∫dωji(ω)e−iωt. (22)

The joint spectral amplitude for a cw-pumped type-IISPDC source is modeled as

f(ω, ω′) = δ(ω + ω′ − ωp)sinc (∆kL/2) (23)

where the longitudinal wave vector mismatch ∆k de-pends on the group velocity for the ordinary and extraor-dinary optical axes [24, 25]. In this regime, the detectionprobabilities become

Ph2v2 = Ph3v3 =1

4[1−∧ (2td/∆t)] (24)

Ph2v3 = Pv2h3=

1

4[1 +∧ (2td/∆t)] (25)

where ∆t is the propagation delay between ordinary andextraordinary photons travelling the full length of thenonlinear crystal [24].

∧ (x) =

{1− |x| if |x| ≤ 1

0 otherwise.(26)

These results converge to the monochromatic case whenthe delay td = 0, whereas if tampering delays the photonin the active fiber, but preserves the polarization entan-glement, then the delay adds temporal distinguishabilityto the photons. For the multi-mode case with maximal

FIG. 3. A contour plot of the entanglement parameter Epresented in Eq. (28) with respect to the pure state coefficientsbc∗+b∗c and time delay td. The parameter E has extremalvalues when the input state is maximally polarized and thereis no relative delay between the photons.

polarization entanglement and temporal distinguishabil-ity, the cross-correlation parameter behaves as

Epe =∧ (2td/∆t) . (27)

Therefore, delays greater than a fraction of ∆t are de-tected even if the polarization entanglement is preserved.For our optical implementation, ∆t ≈ 8 picoseconds anda one-way path length difference greater than 300 mi-crons results in |E| ≤ 1/2. As one might expect, it canbe shown that an arbitrary polarization multi-mode purestate has a correlation dependent on both the degree ofpolarization entanglement and temporal distinguishabil-ity,

Emm =∧(2td/∆t)(bc∗ + b∗c). (28)

For td/∆t << 1, we recover the monochromatic resultpresented in Eq. (12). The entanglement dependency re-moves the possibility that the state may be spoofed, whilethe temporal sensitivity limits the adversary’s ability toattack by redirection. In Fig. 3, the temporal and phasespace of the parameter E is represented graphically.

B. Entanglement Parameter Estimation

We detect entanglement by estimating E from the cor-related polarizations measured by the BSA. Due to thesymmetry of the BSA, the coincident probabilities in

5

Eqs. (5)-(8) satisfy

Ph2h3=Pv2v3 = psd/2 (29)

Ph2h2=Ph3h3

= Pv2v2 = Pv3v3 = pss/4 (30)

Ph2v2 =Ph3v3 = pds/2 (31)

Ph2v3 =Pv2h3= pdd/2 (32)

where subscripts s and d denote detections as being sameor different, respectively, in the polarization and outputmode. We estimate E from these four parameters.

We estimate the set of coincident probabilities P ={psd, pss, pds, pdd} from the experimentally observed co-incidence counts cij∀i, j ∈ {s, d}. However, the relativefrequency of these measured rates do not directly corre-spond to the probabilities due to several technical limits.First, the SPDC source described in Sec. III is known toresult in registering accidental coincidences between pho-tons from different entangled pairs and to a lesser degreephoton-dark count coincidences. These so-called “acci-dentals” are rare but add a contribution cacc to the ob-served coincidences. Second, the efficiencies for each jointtwo-photon pathway are typically different. Our firstcorrection removes contributions from accidental coinci-dences and eliminates joint efficiency asymmetries withthe formula

c′i =ηminηi

(ci − cacc) (33)

where i∈{h2h3, v2v3, h2h2, v2v2, h2v2, h3v3, h2v3, v2h3},ci is the raw coincidence count, ηi ∈ [0, 1] is the jointpathway efficiency for coincidence i, and ηmin is the leastof these joint pathway efficiencies. Since ηmin/ηi ≤ 1,normalization typically increases the uncertainty in theentanglement estimate. We sum all coincidences thatbelong to the same coincidence type, ss, sd, ds, or dd,

ksd = c′h2h3+ c′v2v3 (34)

kss = c′h2h2+ c′v2v2 (35)

kds = c′h2v2 + c′h3v3 (36)

kdd = c′h2v3 + c′h3v2 , (37)

to obtain coincidence type totals κ={ksd, kss, kds, kdd}.The last technicality is that our experimental proto-

type monitors statistics in only one arm of the BSA,which reduces the number of observed same-port same-polarization coincidences by a factor of a half relative tothe expected value. Comparing Eq. (30) and (35), wesee that monitoring only one port for same-port same-polarization coincidences results in the absence of cor-rected counts ch3h3

and cv3v3 from Eq. (35). Addi-tionally, we use non-photon number resolving detectors,which reduces the recorded number of events by an ad-ditional factor of one half for these same-port same-polarization events. The joint efficiencies given above aredetermined relative to the actual number of photons ina given pathway. Thus, the joint efficiencies given abovedo not account for the losses relevant to same-port same

polarization coincidence events. In principle, we coulddetermine joint efficiencies that would account for theseevents, but it would greatly increase the uncertainty inour parameter. Instead, we maximize the certainty of ourparameter estimation by including these known losses di-rectly into the model. This is done by averaging over allpossible values of the true number of same-port, same-polarization events nss. The resulting probability distri-bution for P given normalized coincidence type totals κis

P (P|κ) =pksdsd p

kdsds p

kdddd

∑∞nss=kss

(nss

kss

) (pss4

)nss

P (κ)(38)

P (κ) is the numerator integrated over all possible valuesof coincident probabilities, psd, pss, pds, and pdd.

Given the set of normalized coincidences totals κ, weestimate E as the mean

Eκ =

∫P (P|κ)(pdd − pds)dP (39)

which yields

Eκ =(kdd − kds)2F1(1+kss, 1+kss; 5+n; 1

4 )

2F1(1+kss, 1+kss; 4+n; 14 )

(40)

where n = ksd+kss+kds+kdd and 2F1(a; b; c) is the reg-ularized hypergeometric function. We similarly calculate(E2)κ

to derive the variance σ2κ =

(E2)κ− (Eκ)

2in the

estimate.

C. Tamper Detection

Under normal operation, the quantum seal transmitspolarization-entangled states through the active and ref-erence fibers and the BSA measurements yield an esti-mate for the entanglement parameter E . When the esti-mate Eκ exceeds the bound of 1/2, then the seal confirmsthat the received photon pairs are entangled. This useof quantum integrity verification certifies that the sealis unmolested. Moreover, the presence of entanglementis doubly indicative, as it confirms that the photon in-jected into the active fiber is both the same photon re-trieved from the active fiber and that the path lengthdifference between the reference and active fiber links ismuch smaller than the single-photon coherence length.

By contrast, quantum integrity verification fails whenthe estimate Eκ lies below the threshold value of 1/2.This occurs in presence of tampering due to either atemporal shift in the photon time-of-arrival or a loss ofentanglement between the photons from the intercept-resend attack. However, verification may also fail becauseof technical noise during transmission and measurement,e.g., decoherence of the entangled state. Therefore it isnecessary to quantify the probability to accurately detecttampering as well as the rate at which detection fails.

6

We formalize the tamper detection problem as a bi-nary decision in which the estimate of E decides betweentwo possible hypothesis [26]. Under the positive hypoth-esis H1, tampering is indicated when the entanglementestimate Ek is below a detection threshold defined as ε.Under the null hypothesis H0, the transmitted entangle-ment is preserved and the estimate exceeds the thresholdε. We gain greater confidence in our decision by choos-ing ε > 1/2 but at the expense of a higher probability offalse alarm rate, i.e., classifying entangled states as beinginauthentic.

We characterize normal operation of the seal by anaverage entanglement parameter E1 and its correspond-ing variance σ2. The nominal value E1 characterizes theamount of entanglement expected from the system in theabsence of tampering. This value also characterizes thequality of the transmission and includes effects due toenvironmental decoherence. We also define the expecta-tion value in the presence of tampering as |E0| ≤ 1/2,which follows from the known the theoretical limitationsof the entanglement parameter, and we will assume thatthe variance is the same as under normal operation, σκ.Given an estimate Eκ, our task is to decide whether tam-pering has occurred,

H0 : Eκ = E0 + e ≤ ε, (41)

or not,

H1 : Eκ = E1 + e > ε (42)

In both hypotheses, e represents a zero-mean Gaussianrandom variable with average variance σ2

κ, while the de-tection threshold ε will depend on the implementation.For example, the threshold value should be chosen tolimit the number of false alarms as well as to limit thepossibility of successful spoofing. The probability distri-bution for Eκ under each hypothesis is closely approxi-mated by the Gaussian

P (Eκ|Ei, σκ) ≈ 1√2πσ2

κ

exp

[− (Eκ − Ei)2

2σ2κ

](43)

where i ∈ {0, 1}.The discrimination of two constant signals in the pres-

ence of Gaussian noise is a well known problem in binarydetection theory [26]. The probability to detect tamper-ing is given as

PD =1

2erfc

(E0 − ε√

2σκ

). (44)

where

erfc(x) =2√π

∫ ∞x

e−z2

dz (45)

is the complimentary error function. The correspondingprobability for spoofing is

PS = 1− PD (46)

while the probability of a false alarm, in which an au-thentic signal is misidentified as spoofed, is

PFAR =1

2erfc

(E1 − ε√

2σκ

)(47)

The probability of detection and false alarm characterizeoperation of the seal for a given threshold ε, and theparametric dependence of PD and PFAR are presentedby the receiver operating characteristic curve in Fig. (4).Therefore, operation of the seal can be tuned by selectinga detection threshold ε that provides a desired probabilityof detection or false alarm rate.

FIG. 4. The receiver operating characteristic (ROC) curvesdisplay a parametric plot of the probability of detection PD

versus the false alarm rate rate PFAR. Assuming that tam-pering yields E0 = 1/2 with uncertainty σ = 0.1, we plot thebehavior for baseline entanglement values of E1 = 0.55, 0.7,and 0.85. Our experimental prototype exhibits much smalleruncertainty and higher baseline entanglement.

It is apparent from Fig. 4 that tampering can be de-tected with very high probability when the normal op-erating value E1 is close to the theoretical maximum of±1. This is due to the sharp transition separating au-thentic and spoofed signal as represented by the boundsin Eq. (17), which may be violated by many orders ofstandard deviation when transmitting the Ψ± entangledstate. Note that it is also possible that during the timeT required to estimate E that an intruder may inject anunentangled state for some duration t < T . The presenceof the injected state would prepare a mixture of actualand spoofed states with the entanglement estimated as

E(t, T ) =t

TE0 +

(T − t)T

E1 (48)

Intrusions would be indicated when E(t, T ) < ε, i.e., for

t >(E1 − ε)

(E1 − E0)T .

Since E0 may be at most 1/2 and E1 is a constant ofthe system, the duration for this short-time spoofing de-

7

creases linearly with the threshold ε. Moreover, the prob-ability of detection increases nonlinearly with ε, as seenin Eq. (45), and short-time attacks can be detected withhigh probability at a relatively low false alarm rate usingonly moderate increases in detection threshold. Short-time attacks may also be mitigated by decreasing theduration T used for estimating the entanglement.

While entanglement excludes spoofing the measure-ment apparatus with a cloned state, a savvy adversarymay attempt to redirect the active photon away fromthe tamper seal in order to access the surveyed area.The estimated entanglement in this scenario will behavenormally when the optical path length of the redirectedphoton is exactly matched. We address this vulnerabil-ity in our implementation by making the entanglementestimate sensitive to sub-millimeter disturbances in theexpected path length. Such tolerances can be adjustedto fit application-specific requirements, for example, bybroadening the spectral bandwidth of the single-photonstates emitted from the source. Temporal shaping willretain the spectral entanglement required for tamper de-tection and converge on interferometric fringe stability inthe infinite bandwidth limit. This offers greater systemstability as well as increased sensitivity to the redirectionattack.

Depending on the length of the optical fiber used andthe location of deployment, variations in the ambienttemperature may alter the active and reference fiber pathlengths. Fibers exposed to different ambient conditionsmay experience a change in path length ∆L (m) that isproportional to the initial fiber length L0 (m) and tem-perature change ∆T (◦C),

∆L =αL0

m ·◦C∆T (49)

with thermal expansion coefficient α = 10−6 being a highestimate [27]. Consider the example of L0=1 km for eachof the active and reference fibers and a temperature dif-ferential ∆T=± 10◦C. This produces a round-trip pathlength change of ∆L=± 20 mm. This change is largeenough to distinguish the active and reference photonstemporally while also small enough to be compensatedby simple adjustments to the reference path length. Forexample, a free-space coupler mounted on a translatablestage can be used to regulate the path length alongsideenvironmental monitoring.

The expected changes in path length due to time ofday and weather patterns are relatively slow and verydistinct from the sudden, unexpected changes in pathlength that result from tampering. The quantum seal issensitive to effects on the time scale T , and this includessudden changes in environmental conditions such as pres-sure on the fiber or a rapid rise in temperature. The sealdoes not discriminate between intentional and uninten-tional acts that modify decoherence in the transmissionchannel. However, our theoretical account of stochasticfluctuations on the estimate demonstrate that the prob-ability of detection remains high even for moderate value

of σκ, cf. Eq. (44).We also examine the attack in which an intruder re-

places the active link with an exact replica. This re-placement attack may be technically challenging, but itis nonetheless physically possible. Implementing the at-tack would require first characterizing the active fiberlink, then severing the original transmission channel andjoining the replica fiber to both the transmitter and re-ceiver, and finally coupling the photon into the replicalink. These steps are easily detectable as they modifythe physical properties of the fiber and break the con-tinuity of transmission. Alternatively, the seal systemcould be depowered so that optical continuity was bro-ken at the source. A blackout event would again indicatetampering and when power was returned to the system, asystem calibration procedure that included checking fiberinstallation would reveal evidence of the replacement at-tack.

III. EXPERIMENTAL IMPLEMENTATION

In this section, we detail the experimental implemen-tation of the quantum seal modeled in Sec. II and Fig. 1.A schematic of the experimental layout is shown inFig. 5, in which the entangled light source is based oncw-pumping of type-II spontaneous parametric down-conversion (SPDC) in a nonlinear optical PPKTP (pe-riodically polled potassium titanyl phosphate) crystalwithin a Sagnac loop. This configuration generates apolarization-entangled pair state Ψ+ [28]. The narrow-band pump laser operates at 405 nm and a power of ap-proximately 1 mW. At this power, the source generatesapproximately 1.2 million photon pairs per second. Thenonlinear PPKTP crystal is 30 mm in length and phase-matched to produce near-degenerate energy collinearphoton pairs with orthogonal polarizations. These pho-tons have a central wavelength centered an 810 nm witha 0.5 nm bandwidth.

The entangled light source transmits each photonof the entangled pair to separate polarization phase-maintaining circulators. For convenience, we use lossy,but easily configured, symmetric beamsplitters as circu-lators. As opposed to more elaborate setups, this reducesthe overall photon pair collection efficiency by 90% andrepresents the dominant loss mechanism. Whereas thissetup is sufficient for our proof-of-principle demonstra-tion, future tamper seals would benefit from using moreefficient dual polarization phase preserving optical circu-lators. Following the circulators, one photon is output tothe active fiber, while the other is routed to the referencefiber. We use 20-m single-mode fibers for both the activeand reference links with polarization controllers to cor-rect for polarization rotation that occurs during the fiberround-trip. Polarization entanglement would be reducedor lost completely without this correction. We includean optical delay stage at the terminal of the active fiberin order to implement redirection attacks.

8

Once the active and reference photons have completedthe round trip through the respective fibers, they arerouted to a Bell-state analyzer consisting of symmet-ric beamsplitters, polarization beamsplitters, and single-photon detectors. Our BSA is modeled after the designshown in Fig. 2, but we do not monitor the full set ofpossible coincidences. This is due to the symmetry ex-pected for the detection probabilities given by Eqs. (5)-(8). This comes at the expense of a reduced data set sizeand correspondingly greater uncertainty in the param-eter estimate, but reduces the number of single-photondetectors needed. We use Perkin-Elmer (now Excelitas)SPCM devices which have an efficiency of 0.4 at photonwavelength 810 nm. Due to pathway efficiencies rangingfrom 5 − 6 × 10−3 we observe single-photon counts persecond (cps) in the range of 2− 6× 103 cps and averagecoincidence rates in the range of 0-15 cps.

We measure photon time-of-arrival by monitoring theoutput signal from the detector array. Photon detectiontriggers a detector to output a 25 ns TTL pulse thatis then timestamped and logged according to detectoridentifier. We implement timestamping by sending theTTL pulses to an FPGA (field programmable gate ar-ray) configured with a custom daughter card that con-nects up to eight coaxial cables to input pins. We havereported previously on the use of FPGA’s for perform-ing single-photon detection, in which we timestamp eachTTL pulse against the FPGA clock and store the result-ing data alongside the input channel identifier [29]. In thecurrent implementation, we use a Zedboard system-on-a-chip composed from an FPGA and ARM processor.2

We operate the FPGA using a 10 ns clock cycle for the

FIG. 5. The experimental schematic for our prototypetamper-indicating quantum seal showing its four major com-ponents: (a) a polarization-entangled photon source, (b) 20meter single-mode fiber-optic channels for the reference andactive links, (c) polarization-entanglement verification basedon Bell-state analyzer, and (d) timestamping electronics inte-grated with a processor to transmit observed coincidences toa host computer for parameter estimation.

2 http://www.zedboard.org

detection system. Stored timestamp data is then aggre-gated and packetized by custom software running on theARM processor within the Xillinux operating system.3

These packets are then transmitted over Ethernet usingthe UDP protocol to a host computer where the entan-glement parameter is estimated [30].

We experimentally detect tampering by estimating Eusing the prototype quantum seal. The results are shownin Fig. 6, where the dependence of Eκ is plotted againsttuning of the entanglement in the input state and therelative difference between the active and reference paths.These plots correspond to modifying the delay and phaseparameters of Eq. (28). Assuming the source generatesthe Ψ+ Bell state, the entanglement parameter is

E =∧(2td/τc)Cos (φ+ π) . (50)

which clearly depends on the optical delay td and therelative phase φ. Settings of φ=0 and φ=π correspondto the Bell states Ψ− and Ψ+ , respectively. By adjust-ing the phase φ, we tune the state that was returned tothe detector from being authentic to inauthentic. Thiswas accomplished experimentally by modulating, chang-ing the applied voltage, a liquid crystal waveplate in theactive photon path as seen in Fig. 5. The temporal de-lay td was adjusted by translating the reflection mirrorat the end of the active fiber.

The experimentally estimated entanglement parameteris shown in Fig. 6, where a maximum value of |Eκ| ≈ 0.8is obtained. This statistically significant estimate is wellabove the separable bound of 0.5 and a clear signatureof entanglement as nominal behavior. Figure 6(b) showshow the estimate varies as the phase of prepared state isvaried and the detected state is rotated from Ψ+ to Ψ−.In addition, Figs. 6(c) and (d) show how sub-millimeterpath length delays lead to decreases in the estimated en-tanglement.

For the system demonstrated here, each entanglementestimate Eκ is calculated from coincidences collected dur-ing a 10 second sampling window interval. For thissampling interval, we observe combined raw coincidentcounts of ci ∈ {0, 400} with corresponding standard de-viation σκ = 0.03 − 0.04. Using these experimentallymeasured parameters, the detection theory presented inSection II yields greater than 0.9999 probability of de-tecting inauthentic signals with a false alarm chance of10−9 when using 10 second sampling interval. Longersampling windows lead to even lower false alarm rates.

Several factors contribute to reduction in the entan-glement estimate from a maximal value of 1. Foremostis the imperfect correction offered by the polarizationcontrollers, which are subject to drift during acquisitiontime. The use of Faraday rotators at the fiber termi-nals can provide better correction for this type of systemnoise. Interfaces between the optical fibers and free-space

3 http://www.xillybus.com

9

FIG. 6. a) This contour plots the theoretical value of pa-rameter E versus phase and path length delay (mm). Red,black, and green dotted lines indicate the range over whichthe experimental data in plots b), c), and d) are taken. b)Experimental values for E as the phase of the polarizationentangled state is modulated with a liquid crystal waveplate.At 0 and π phase the Ψ− and Ψ+ states are obtained, respec-tively. c) Experimental values for E in the state Ψ− as theactive photon’s path length is increased length. d) Experi-mental values for E in state Ψ+ as the active photon’s pathlength is increased length.

optics also degrade the entanglement, with unwantedreflections causing photon pairs to become temporallydistinguishable and polarization uncorrected. These re-sulted in unwanted coincidence events that did not par-ticipate in HOM interference. Future improvements tothe seal design should make use of more stable Faradaymirrors to overcome the need to correct the polarization,and angled optical fiber connectors to eliminate the un-wanted reflections.

IV. CONCLUSIONS

We have reported on the design, operation, and im-plementation of a tamper-indicating quantum seal. Ourapproach is based on transmitting polarization-entangledphoton pair states over optical fibers and monitoring thereceived entanglement in near real-time. We estimatethe received entanglement from measured coincidencesin a Bell-state analyzer. We show that the entanglementparameter E is sufficient to discriminate between the en-tangled states transmitted by the seal and those statesthat have been modified by an intruder.

We have also presented a detailed theoretical model ac-counting for the seal operation including its physics andan analysis of its performance in terms of binary detec-tion theory. We have also provided a detailed experimen-tal implementation of the major subsystems, including anentangled photon pair source based on cw-pumped SPDCand a Bell-state analyzer based on two-photon interfero-metric time-of-arrival measurements. We have integratedthese subsystems with an entanglement monitoring sys-tem, and we have reported the performance of this sealimplementation in terms of the generated entanglement,acquisition time, state phase, and temporal delay as theyrelate to entanglement detection sensitivity. Based onthese results, we conclude that the seal detects spoofedstates with a probability (PD > 0.9999) at a very lowfalse alarm rate (PF � 10−9) for a 10 second time inter-val. In conclusion, the tamper-indicating quantum sealpresented here offers unprecedented surety in the detec-tion of intrusion against fiber optical seal systems. Ap-plications in containment and surveillance technologies,as well as telecommunications security and fiber-basedsensors, are likely to benefit from the adaption of theseideas.

ACKNOWLEDGMENTS

This work was supported by the Defense Threat Re-duction Agency. This manuscript has been authoredby UT-Battelle, LLC, under Contract No. DE-AC05-00OR22725 with the U.S. Department of Energy. TheUnited States Government retains and the publisher, byaccepting the article for publication, acknowledges thatthe United States Government retains a non-exclusive,paid-up, irrevocable, world-wide license to publish or re-produce the published form of this manuscript, or allowothers to do so, for United States Government purposes.

[1] B. Griffiths, in Security Technology, 1995. Proceedings.Institute of Electrical and Electronics Engineers 29th An-nual 1995 International Carnahan Conference on (1995)pp. 325 –330.

[2] A. Chtcherbakov, P. Swart, and S. Spammer, in Indus-trial Electronics, 1998. Proceedings. ISIE ’98. IEEE In-ternational Symposium on, Vol. 1 (1998) pp. 267 –270.

[3] M. Szustakowski and M. Zyczkowski, Proc. SPIE 5954,59540C (2005).

10

[4] J. Juarez, E. Maier, K. N. Choi, and H. Taylor, Light-wave Technology, Journal of 23, 2081 (2005).

[5] P. R. V. Horton and I. G. Waddoups, Active fiber op-tic technologies used as tamper-indicating devices, Tech.Rep. SAND95-2279 (Sandia National Laboratory, 1995).

[6] R. G. Johnston, The Nonproliferation Review 8.1, 102(2001).

[7] W. K. Wootters and W. H. Zurek, Nature 299, 802(1982).

[8] D. Dieks, Phys. Lett. A 92, 271 (1982).[9] V. Scarani, S. Iblisdir, N. Gisin, and A. Acin, Rev. Mod.

Phys. 77, 1225 (2005).[10] N. Gisin, G. Ribordy, W. Tittel, and H. Zbinden, Rev.

Mod. Phys. 74, 145 (2002).[11] N. Lutkenhaus, Phys. Rev. A 54, 97 (1996).[12] P. W. Shor and J. Preskill, Phys. Rev. Lett. 85, 441

(2000).[13] K. Bartkiewicz, K. Lemr, A. Cernoch, J. Soubusta, and

A. Miranowicz, Phys. Rev. Lett. 110, 173601 (2013).[14] T. S. Humble, R. S. Bennink, W. P. Grice, and I. J.

Owens, Proc. SPIE 7342, 73402H (2009).[15] B. P. Williams, T. S. Humble, and W. P. Grice, Phys.

Rev. A 90, 042121 (2014).[16] P. M. Anisimov, D. J. Lum, S. B. McCracken, H. Lee,

and J. P. Dowling, New Journal of Physics 12, 083012(2010).

[17] M. Malik, O. S. Magana-Loaiza, and R. W. Boyd, Ap-plied Physics Letters 101, 241103 (2012).

[18] H. Weinfurter, EPL (Europhysics Letters) 25, 559(1994).

[19] S. L. Braunstein and A. Mann, Phys. Rev. A 51, R1727(1995).

[20] C. Schuck, G. Huber, C. Kurtsiefer, and H. Weinfurter,Physical review letters 96, 190501 (2006).

[21] M. Barbieri, G. Vallone, P. Mataloni, and F. De Martini,Physical Review A 75, 042317 (2007).

[22] J. T. Barreiro, T.-C. Wei, and P. G. Kwiat, Naturephysics 4, 282 (2008).

[23] Z.-Y. J. Ou, Multi-photon quantum interference(Springer, 2007).

[24] A. Sergienko, Y. Shih, and M. Rubin, JOSA B 12, 859(1995).

[25] W. P. Grice and I. A. Walmsley, Phys. Rev. A 56, 1627(1997).

[26] H. van Trees, Detection, Estimation, and ModulationTheory, Part I (Wiley-Interscience, 2001).

[27] P. K. Bachmann, D. Wiechert, and T. Meeuwsen, Jour-nal of materials science 23, 2584 (1988).

[28] T. Kim, M. Fiorentino, and F. N. C. Wong, Phys. Rev.A 73, 012316 (2006).

[29] R. C. Pooser, D. D. Earl, P. G. Evans, B. Williams,J. Schaake, and T. S. Humble, Journal of Modern Optics59, 1500 (2012).

[30] T. S. Humble and R. J. Sadlier, Optical Engineering 53,086103 (2014).