Title:
SEGMENTED ERROR CORRECTION FOR QKD POST-PROCESSING
Document Type and Number:
WIPO Patent Application WO/2023/244105
Kind Code:
A1
Abstract:
The invention provides a method for communicating data through a public classical channel, which data is protected using a secure key that is shared between at least a first and second party, the method comprising quantum key distribution (QKD) for distributing the secure key of length N which due to noise is received as a raw key.

Inventors:
ELKOUSS CORONAS DAVID (NL)
Application Number:
PCT/NL2023/050326
Publication Date:
December 21, 2023
Filing Date:
June 12, 2023
Assignee:
UNIV DELFT TECH (NL)
International Classes:
H04L9/08
Domestic Patent References:
WO2009056871A1, 2009-05-07
WO2020211954A1, 2020-10-22
Foreign References:
US20150312035A1, 2015-10-29
CN106411511A, 2017-02-15
US20040109564A1, 2004-06-10
Other References:
NEDRA BENLETAIEF ET AL: "Reconciliation for Practical Quantum Key Distribution with BB84 protocol", ARXIV.ORG, CORNELL UNIVERSITY LIBRARY, 201 OLIN LIBRARY CORNELL UNIVERSITY ITHACA, NY 14853, 16 February 2020 (2020-02-16), XP081602458, DOI: 10.1109/MMS.2011.6068566
NEDRA BENLETAIEF ET AL: "Toward Efficient Quantum Key Distribution Reconciliation", ARXIV.ORG, CORNELL UNIVERSITY LIBRARY, 201 OLIN LIBRARY CORNELL UNIVERSITY ITHACA, NY 14853, 12 February 2020 (2020-02-12), XP081597940
HUTH CHRISTOPHER ET AL: "Information reconciliation schemes in physical-layer security: A survey", COMPUTER NETWORKS, ELSEVIER, AMSTERDAM, NL, vol. 109, 15 June 2016 (2016-06-15), pages 84 - 104, XP029788158, ISSN: 1389-1286, DOI: 10.1016/J.COMNET.2016.06.014
G. VAN ASSCHE, J. CARDINAL, N.J. CERF, IEEE TRANS. INFO. THEORY, vol. 50, no. 394, pages 204
NEDRA BENLETAIEF ET AL.: "Arxiv.org", 16 February 2020, CORNELL UNIVERSITY ITHACA, article "Reconciliation for practical Quantum Key Distribution with BB84 Protocol"
NEDRA BENLETAIEF ET AL., TOWARDS EFFICIENT QUANTUM KEY DISTRIBUTION RECONCILIATION, 16 February 2020 (2020-02-16)
P. HAILES, L. XU, R. G. MAUNDER, B. M. AL-HASHIMI, L. HANZO: "IEEE Communications Surveys & Tutorials", vol. 18, 2016, article "A Survey of FPGA-Based LDPC Decoders", pages: 1098 - 1122
TOMAMICHEL, M., LIM, C. C. W., GISIN, N., RENNER, R.: "Tight finite-key analysis for quantum cryptography", NATURE COMMUNICATIONS, vol. 3, no. 1, 2012, pages 1 - 6
"Long-distance continuous-variable quantum key distribution with a Gaussian modulation", PHYSICAL REVIEW, vol. 84, no. 6, 2011, pages 062317
Attorney, Agent or Firm:
VAN ESSEN, Peter (NL)
Claims:
1. A method for communicating data through a public classical channel, which data is protected using a secure key that is shared between at least a first and second party, the method comprising quantum key distribution (QKD) for distributing the secure key of length N which due to noise is received as a raw key, the method comprising the second party:

- receiving quantum information through a quantum channel;

- deriving its raw key from the quantum information;

- dividing the raw key into N/n small words of length n;

- receiving from the first party through the public classical channel a series of transmissions, each transmission comprising encoded information encoded using at least one small word of length n from the first party’s raw key of the first party’s secure key;

- processing the small words including applying a correction code on the small words and the encoded information from the transmissions from the first party;

- identifying incorrectly corrected small words;

- transmitting to the first party at least one selected from the incorrectly corrected small words, information relating to the incorrectly corrected small words, encoded information encoded using the incorrect small word, and a combination thereof, and

- constructing the secure key from its raw key by using information of the incorrectly corrected small words.

2. The method of claim 1, wherein the at least one selected from the incorrectly corrected small words, information relating to the incorrectly corrected small words, encoded information encoded using the incorrect small word, and a combination thereof are fully revealed, i.e. made public.

3. The method of claim 1 or 2, wherein the second party removes the incorrectly corrected small words from its raw key and the first party removes the incorrectly corrected small words from its raw key, resulting in a modified secure key with reduced length.

4. The method of any one of the preceding claims, the second party further:

- receiving from the first party further information comprising at least one selected from its version of the incorrectly corrected small words, information relating to its version of the incorrectly corrected small words, encoded information encoded using its version of the incorrectly corrected small word, and a combination thereof, and

- constructing the secure key from its raw key by correcting the incorrectly corrected small words by applying the further information from the first party.

5. The method of any one of the preceding claims, wherein the second party receives its quantum information through the quantum channel from a third party and based upon this quantum information derive the raw key from a third party, in particular wherein the first party sends quantum information through the quantum channel to a third party and the third party sends the quantum information to the second party, wherein the second party derives the raw key from its received quantum information.

6. The method of any one of the preceding claims, wherein the second party receives its raw key from the first party.

7. The method of any one of the preceding claims, wherein the raw key is composed of discrete variables.

8. The method of any one of the preceding claims, wherein the raw key corresponds with the quantization of real variables produced by a continuous variable QKD protocol.

9. The method of any one of the preceding claims, wherein the quantum information is encoded using continuous variables.

10. The method of any one of the preceding claims, wherein error-correction postprocessing is applied on said raw key using an error-correction code with length n for generating or reconstructing an error-corrected secure key.

11. The method according to any one of the preceding claims, further comprising establishing a private quantum communication channel and a public communication channel between at least the first party and the second party, and sharing said secure key of length N between at least the first party and the second party via said private quantum communication channel.

12. The method according to any one of the preceding claims, wherein the correction code wherein the length of the codewords verifies 10*n<N, in particular 100*n<N, in an embodiment N is at least 10^6 and n is smaller than 10^4.

13. The method according to any one of the preceding claims, wherein additional information is transmitted from one selected from the first and second party to one of the second and first party as receiving party, allowing the receiving party to correct the small words that initially could not be corrected.

14. The method of any one of the preceding claims, wherein a segmentation of the raw key into the small word is used in combination with a low complexity decoder, in particular a min-sum decoder.

15. The method of any one of the preceding claims, wherein a low complexity decoder is integrated with the QKD system.

16. The method of any one of the preceding claims, wherein the first party receives its raw key through the quantum channel, and:

- the first party dividing its raw key into N/n small words of length n;

- the first party receiving from the second party through the public classical channel a series of transmissions, each transmission comprising encoded information including at least one small word of length n from the raw key of the second party;

- the first party processing the small words using a correction code based upon the small words of length n;

- the first party identifying incorrectly corrected small words using the information from the N/n transmissions from the first party through the public classical channel;

- the first party transmitting to the second party at least one selected from the incorrectly corrected small words, information relating to the incorrectly corrected small words, and a combination thereof, and

- the first party constructing the secure key using the information of the incorrectly corrected small words.

17. The method of claim 15, wherein the first party removes the incorrectly corrected small words from its raw key and the second party removes the incorrectly corrected small words from its raw key, resulting in a modified secure key with reduced length.

18. The method of any one of the preceding claims 15-16, wherein the first party further:

- receiving from the second party further information comprising at least one selected from its version of the incorrectly corrected small words, information relating to its version of the incorrectly corrected small words, encoded information encoded using its version of the incorrectly corrected small word, and a combination thereof, and

- constructing the secure key from its raw key by correcting the incorrectly corrected small words by applying the further information from the second party.

19. A computer program product which, when executed on a data processing device, performs said method of any one of the preceding claims.

20. A device for communicating data, in particular according to the method of any one of the preceding method claims, comprising a circuit for transmitting data through a data transmission channel that is a public channel, a circuit for receiving data using a quantum channel for transmitting and/or receiving a raw key of length N as a version of the secure key of length N, the device further comprising an integrated circuit, for instance an FPGA implemented circuit, for splitting the raw key of length N up into words of length n, applying an error correction code to a series of n/N words of length n, and constructing the secure key of length N from the series of words of length n.

21. The device according to claim 20, wherein said public channel is selected from an optical communication channel, a free space communication channel, a wired channel, and a combination thereof.

22. The device according to claim 20 or 21, wherein the quantum channel is selected from an optical channel, a free space channel, and a combination thereof.

23. A device for sending data using the method of any one of the preceding method claims, comprising:

- a data transmission module for receiving a raw key via a quantum channel;

- a data transmission module for transmitting data via a public classical channel;

- an integrated circuit, in particular a field programmable gate array (FPGA) implemented circuit, for receiving the small word, information received from the data transmission module, and implementing the error correction code on the small word and the information received from the data transmission module.

24. A method for establishing a secure data communication network of a series of devices using a public channel, comprising the method for communicating data comprising quantum key distribution (QKD) according to any one of the preceding claims.

-o-o-o-o-o-

Description:
Segmented error correction for QKD post-processing

Field of the invention

The invention relates to a method, device and software for communicating data, comprising quantum key distribution (QKD) for distributing a secure key.

Background of the invention

Quantum key distribution (QKD) allows a secret code (key) to be distributed between two distant parties using the quantum mechanical properties of photons. QKD enables inherently safe communication, as an intrusion is detected. This is advantageous compared to classical communication, which is not inherently safe.

US2004109564 (Cerf, van Assche) in its abstract discloses: “One aspect of the present invention is related to a quantum cryptographic scheme comprising at least one sending unit including a physical means of encoding and distributing a raw key in the quadrature components of quantum coherent states that are continuously modulated in phase and amplitude, at least one receiving unit containing a physical means of performing homodyne detection of the quantum coherent states in order to measure the quadrature components of the states, a quantum channel for connecting the sending unit to the receiving unit, a two-way authenticated public channel for transmitting non-secret messages between the sending unit and the receiving unit, a quantum key distribution protocol ensuring that the information tapped by a potential eavesdropper can be estimated from the quantum channel parameters, and a direct or reverse reconciliation protocol that converts the raw continuous data into a common binary key.”

US2015312035 in its abstract discloses: “A permutation method for reconciling bit errors in a quantum key reconciliation protocol performing an iterative reconciliation process, includes: obtaining a bit string through a previous reconciliation step; and permuting bits in the bit string obtained from the previous reconciliation step before a subsequent reconciliation step by performing a linear modulo operation based on a length of the bit string and a length of a block for the subsequent reconciliation step.”

WO2009056871 in its abstract discloses: “A processing arrangement of a data communication apparatus in a Quantum Key Distribution System is arranged to derive an ordered plurality of modulo-2 summations of respective selections of data bits of a binary data set. The data communication apparatus may either be transmitting apparatus with the processing arrangement serving to determine a target syndrome for subsequent use in error correction, or receiving apparatus with the data processing arrangement being arranged to effect error correction of received data. The processing arrangement effects its selections of bits from the binary data set in accordance with the interconnection of nodes in a logical network of nodes and edges that together define at least a continuum of cells covering a finite toroid. The structuring provided to bit selection by this continuum can be offset by randomness provided by other structures of the network and by the random association of bits of the binary data set with the nodes of the continuum. The logical network of nodes and edges represents a graph of a LDPC code used for error correction in said Quantum Key Distribution System.”

WO2020211954 in its abstract discloses: “A device for performing information reconciliation in a Quantum Key Distribution (QKD) system is proposed. The device obtains QKD data. The device further obtains an initial error correction codeword; determines, based on a Signal to Noise Ratio (SNR) and/or Bit Error Rate (BER) of the QKD data, a number of punctures N > 0 to be performed on the initial error correction codeword; and generates an output error correction codeword by puncturing the initial error correction codeword at N positions. Data in the QKD can thus be smoothly processed even under SNR variations.”

In Reconciliation of a quantum-distributed Gaussian key, G. van Assche, J. Cardinal, N.J. Cerf, IEEE Trans. Info. Theory 50, 394, 204, in its summary states: “In QKD using continuous variables, the continuous variables are discretized in bits, for instance 3 bits for each continuous variable. Error correction is then performed, using a binary error correction algorithm, starting with the least significant bit of each variable, then next bit, up to the most significant bit.” This is in fact known as ‘sliced reconciliation’. A segmentation is done on continuous variables, i.e., real numbers. Furthermore, error correction on bits of different significance is not independent.

In “Reconciliation for practical Quantum Key Distribution with BB84 Protocol”, Nedra Benletaief et al., Arxiv.org, Cornell University library, 201 olin library Cornell University Ithaca, NY 14853 of 16 February 2020, in its summary states: “This paper investigates a new information reconciliation method for quantum key distribution in the case where two parties exchange key in the presence of a malevolent eavesdropper. We have observed that reconciliation is a special case of channel coding and for that existing techniques can be adapted for reconciliation. We describe an explicit reconciliation method based on Turbo codes. We believe that the proposed method can improve the efficiency of quantum key distribution protocols based on discrete quantum states.”

Nedra Benletaief et al.: “Towards efficient quantum key distribution Reconciliation” of 16 February 2020, in its summary states: “In this paper, we propose how to construct a reconciliation method for the BB84 Quantum Key Distribution (QKD) protocol. Theoretically, it is unconditionally secure because it is based on the quantum laws of physics, rather than the assumed computational complexity of mathematical problems. BB84 protocol performances can be reduced by various errors and information leakages such as limited intrinsic efficiency of the protocol, imperfect devices and eavesdropping. The proposed reconciliation method allowed to weed out these errors by using Turbo codes. Since their high error correction capability implies getting low errors, this method has high performance especially when compared to the last method presented in the literature based on Low-Density Parity Check codes (LDPC). In particular, we demonstrate that our method leads to a significant improvement of the protocol security and of the Bit Error Rate (BER) even with great eavesdropping capability.”

Summary of the invention

It is an aspect of the invention to provide an alternative communication method and/or device. A problem was found to lie in imperfections in QKD hardware. For instance, in optical implementations, photon losses or detector dark counts were found to occur. These lead to errors in the “raw” key. These errors need to be corrected to arrive at an error-free key. This process is known as information reconciliation or error correction.

There is provided a method for communicating data through a public classical channel which data is protected using a secure key, the method comprising quantum key distribution (QKD) for distributing a raw key of length N between at least a first and a second party, the method comprising the second party:

- receiving the raw key through a quantum channel;

- receiving from the first party through the public classical channel N/n transmissions, each comprising encoded information including N/n small words of length n from the raw key of the second party;

- dividing said raw key into N/n small words of length n;

- processing the small words using an error correction code based upon the small words of length n;

- identifying incorrectly corrected small words using the information from the N/n transmissions from the first party through the public classical channel;

- transmitting to the first party at least one selected from the incorrectly corrected small words, information relating to the incorrectly corrected small words, and a combination thereof;

- receiving from the first party information comprising at least one selected from the correct version of the incorrectly corrected small words, information relating to the correct version of the incorrectly corrected small words, and a combination thereof, and

- constructing the secure key using the information from the first party.

There is further provided a device for communicating data, in particular according to the method of any one of the preceding method claims, comprising a circuit for transmitting data through a data transmission channel that is a public channel, a circuit for receiving data using a quantum channel for transmitting and/or receiving a raw key of length N as a version of the secure key of length N, the device further comprising an integrated circuit, for instance an FPGA implemented circuit, for splitting the raw key of length N up into words of length n, applying an error correction code to a series of n/N words of length n, and constructing the secure key of length N from the series of words of length n.

It was found that the method and devices improve the error correction (decoding) performance in the following ways. The division into small words coupled with the small word retransmission lowers the decoding error rate. It is therefore a robust error correction method. Furthermore or alternatively, for high complexity decoders (that provide a low error rate) the duration of the decoding of words increases superlinearly with the length of the words. Thus, for large messages the decoding becomes a bottleneck in communication speed. The division of the words into small words avoids this bottleneck, and therefore facilitates QKD with long keys. In particular, the current method and system is more robust as it lowers the decoding error rate. It allows large messages and longer keys.

Smaller amounts of information need to be shared. It requires only a single round of interaction between parties. It allows the use of longer keys and provides a larger key generation speed.

Furthermore, it allows implementation in relatively simple devices, in fact allowing implementation through hardware devices, for instance implemented in a field-programmable gate array (FPGA) in a flexible and dedicated manner.

In the current invention, a key is transmitted or distributed using a quantum channel. Quantum channels that can be used include one or more fiber optical channels, free space communications which can be ground based, ground-satellite, satellite-satellite.

Furthermore, reconciliation uses public channels. Public channels that can be used include all channels that we use for transmitting classical information, like fiber optical channel, twisted pair, free space, and at a higher abstraction level any classical communication channel or network.

The current invention uses an error correction code. In particular, linear error-correcting codes can be used. Examples of suitable error correction codes include for example polar codes, low-density parity check codes (LDPC), turbo codes, and other similar error correction codes known to a skilled person.

In an embodiment, the at least one selected from the incorrectly corrected small words, information relating to the incorrectly corrected small words, encoded information encoded using the incorrect small word, and a combination thereof are fully revealed, i.e. made public. Thus, it is made clear that this incorrect small word should be ignored.

In an embodiment, the second party also receives a version of the raw key from a third party. In an embodiment, the third party distributed the raw key to a series of parties for establishing a secure network of parties.

In an embodiment, the second party receives the raw key from the first party.

In an embodiment, the first party sends the raw key via the quantum channel to a third party and the third party sends the raw key via the quantum channel to the second party.

In an embodiment, the raw key is obtained from a discrete variable QKD protocol. In an embodiment, the raw key corresponds with the quantization of real variables produced by a continuous variable QKD protocol.

In an embodiment, the error-correction post-processing is applied on said raw key using an error-correction code with length n for generating or reconstructing an error-corrected secure key.

In an embodiment, the method further comprises establishing a private quantum communication channel and a public communication channel between at least the first party and the second party, and sharing said secure key of length N between at least the first party and the second party via said private quantum communication channel.

In an embodiment, the correction code wherein n < N, 10*n<N, more in particular 100*n<N, in an embodiment N is at least 10^6 and n is smaller than 10^4.

In an embodiment, additional information is transmitted from one selected from the first and second party to one of the second and first party as receiving party, allowing the receiving party to correct the words that initially could not be corrected.

In an embodiment, a segmentation is used in combination with a low complexity decoder such as min-sum.

Most FPGA implementations use a "low-complexity" decoder such as min-sum and have n between 10^3 and 10^4. For min-sum decoder, see P. Hailes, L. Xu, R. G. Maunder, B. M. Al-Hashimi and L. Hanzo, "A Survey of FPGA-Based LDPC Decoders," in IEEE Communications Surveys & Tutorials, vol. 18, no. 2, pp. 1098-1122, Secondquarter 2016, doi: 10.1109/COMST.2015.2510381. This reference is incorporated as if fully set forth.

In an embodiment, a low complexity decoder is integrated with the QKD system.

In an embodiment, there is provided a computer program product which, when executed on a data processing device, performs the current method.

There is further provided a device for communicating data, in particular according to the current method, comprising a circuit for transmitting data through a data transmission channel that is a public channel, a circuit for receiving data using a quantum channel for transmitting and/or receiving a raw key of length N as a version of the secure key of length N, the device further comprising an integrated circuit, for instance an FPGA implemented circuit, for splitting the raw key of length N up into words of length n, applying an error correction code to a series of n/N words of length n, and constructing the secure key of length N from the series of words of length n. In an embodiment of this device, the public channel is selected from an optical communication channel, a free space communication channel, a wired channel, and a combination thereof.

In an embodiment of this device, the quantum channel is selected from an optical channel, a free space channel, and a combination thereof.

There is further provided a device for sending data using quantum key distribution (QKD), comprising a data transmission module for receiving a raw key via a quantum channel and a data transmission module for transmitting data via a public channel, wherein the device comprises an integrated circuit, in particular an FPGA implemented circuit.

There is further provided a method for establishing a secure data communication network of a series of devices using a public channel, comprising the current method for communicating data comprising quantum key distribution (QKD).

For information and further background, the following has been included which is based upon WIKIPEDIA under “Information reconciliation and privacy amplification”.

The quantum key distribution protocols provide Alice and Bob with nearly identical shared keys, and also with an estimate of the discrepancy between their shared keys. These discrepancies or differences can be caused by eavesdropping, but also by imperfections in the transmission channel or transmission line and detectors. As it is impossible to distinguish between these two types of errors (eavesdropping and imperfections), guaranteed security requires the assumption that all errors are due to eavesdropping. Provided the error rate between the keys is lower than a certain threshold (for instance 11% for the QKD protocol BB84), two steps can be performed to first remove the erroneous bits and then reduce Eve's knowledge of the key to an arbitrarily small value. These two steps are known in the art as information reconciliation and privacy amplification respectively.

Information reconciliation is a form of error correction carried out between Alice and Bob's keys, in order to ensure both keys are identical. It is usually conducted over a public channel and as such it is vital to minimise the information sent about each key, as this can be read by Eve. A common protocol used for information reconciliation is the ‘cascade protocol’, known as such. This uses several rounds of information exchange between Alice and Bob. They both hold the shared key. Both keys are divided into blocks in each round and the parity of those blocks is compared. If a difference in parity is found then a binary search is performed to find and correct the error. If an error is found in a block from a previous round that had correct parity then another error must be contained in that block; this error is found and corrected as before. This process is repeated recursively, which is the source of the cascade name. After all blocks have been compared, Alice and Bob both reorder their keys in the same random way, and a new round begins. At the end of multiple rounds Alice and Bob have identical keys with high probability; however, Eve has additional information about the key from the parity information exchanged. However, from a coding theory point of view information reconciliation is essentially source coding with side information, in consequence any coding scheme that works for this problem can be used for information reconciliation. Examples of coding schemes are turbo codes, LDPC codes, and polar codes, which are proposed as improvement of the cascade protocol.

As mentioned, privacy amplification is a method for reducing (and effectively eliminating) Eve's partial information about Alice’s and Bob's shared key. This partial information could have been gained both by eavesdropping on the quantum channel during key transmission (thus introducing detectable errors), and on the public channel during information reconciliation (where it is assumed Eve gains all possible parity information).

There is further or alternatively provided a method for communicating data comprising quantum key distribution (QKD), comprising establishing a private quantum communication channel and a public communication channel, and sharing a secure key of length N between a first party and a second party via said private quantum communication channel, said method further comprising error-correction postprocessing on said secure key using an error-correction code with length n for generating an error-corrected secure key, said error-correction post-processing comprising:

- selecting a correction code wherein n < N, in particular 10*n<N, more in particular 100*n<N;

- dividing said secure key into N/n small words with length n;

- correcting the small words using the correction code;

- transmitting small words which are incorrectly corrected from said second party to said first party;

- transmitting the incorrectly properly corrected small words from said first party to said second party;

- constructing the error-corrected secure key using the result of the error correction and information from said first party.

There is further provided a method and device for communicating data through a public classical channel, which data is protected using a secure key that is shared between at least a first and second party, the method comprising quantum key distribution (QKD) for distributing the secure key of length N which due to noise is received as a raw key, the method comprising the second party:

- receiving quantum information through a quantum channel;

- deriving its raw key from the quantum information;

- dividing the raw key into N/n small words of length n;

- applying a decoder for identifying information regarding incorrect small words;

- constructing the secure key from its raw key by using information of the incorrect small words.
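The segmented procedure listed above, as an added Python example that is not part of the patent text. It assumes a toy (8,4) SEC-DED code in place of the LDPC, polar or turbo code, treats a decoder failure as the way an incorrect small word is identified, and uses the variant in which both parties remove the reported words; all function names are hypothetical.

```python
"""Segmented reconciliation: the raw key is split into small words, one
syndrome is sent per word, and words that fail to decode are reported back
and dropped by both parties."""
import random

# Assumption: a toy (8,4) SEC-DED code stands in for the real correction code.
# Each column of the parity-check matrix H is a distinct odd-weight 4-bit value,
# so one flipped bit is correctable and two flipped bits are always detected.
H_COLS = [0b0001, 0b0010, 0b0100, 0b1000, 0b0111, 0b1011, 0b1101, 0b1110]
WORD_LEN = len(H_COLS)      # n, the small-word length
SYNDROME_BITS = 4           # bits disclosed on the public channel per word


def split_words(key, n=WORD_LEN):
    """Divide a raw key (list of 0/1) of length N into N/n words of length n."""
    if len(key) % n:
        raise ValueError("key length N must be a multiple of n")
    return [key[i:i + n] for i in range(0, len(key), n)]


def syndrome(word):
    """H * word over GF(2), packed into an int."""
    s = 0
    for bit, col in zip(word, H_COLS):
        if bit:
            s ^= col
    return s


def first_party_encode(raw_key):
    """First party: one transmission (a syndrome) per small word."""
    return [syndrome(w) for w in split_words(raw_key)]


def second_party_decode(raw_key, syndromes):
    """Second party: correct each word against the received syndrome.

    Returns (corrected_words, failed_indices). A word fails when the syndrome
    difference is neither zero nor a single column of H.
    """
    words = split_words(raw_key)
    if len(words) != len(syndromes):
        raise ValueError("expected one syndrome per small word")
    corrected, failed = [], []
    for idx, (word, s_first) in enumerate(zip(words, syndromes)):
        diff = syndrome(word) ^ s_first      # equals H * (error pattern)
        word = list(word)
        if diff == 0:
            pass                              # the two words already agree
        elif diff in H_COLS:
            word[H_COLS.index(diff)] ^= 1     # single-bit correction
        else:
            failed.append(idx)                # decoder failure: report it
        corrected.append(word)
    return corrected, failed


def drop_failed(words, failed):
    """Both parties remove the reported words, giving a shortened key."""
    bad = set(failed)
    return [b for i, w in enumerate(words) if i not in bad for b in w]


def reconcile(first_raw, second_raw):
    """Run one round; return both keys, the failed indices and disclosed bits."""
    syndromes = first_party_encode(first_raw)          # sent first -> second
    corrected, failed = second_party_decode(second_raw, syndromes)
    key_second = drop_failed(corrected, failed)        # 'failed' sent second -> first
    key_first = drop_failed(split_words(first_raw), failed)
    leaked = SYNDROME_BITS * len(syndromes)   # input to privacy amplification
    return key_first, key_second, failed, leaked


def constructed_sample():
    """Constructed input: N = 32, words 0..3 carry 0, 1, 2 and 0 bit errors."""
    rng = random.Random(2023)
    first = [rng.randint(0, 1) for _ in range(4 * WORD_LEN)]
    second = list(first)
    for pos in (8 + 3, 16 + 1, 16 + 6):       # one flip in word 1, two in word 2
        second[pos] ^= 1
    return first, second


if __name__ == "__main__":
    a, b = constructed_sample()
    ka, kb, failed, leaked = reconcile(a, b)
    print("failed words:", failed, "| keys equal:", ka == kb,
          "| key bits:", len(ka), "| syndrome bits disclosed:", leaked)
```

Three or more bit errors inside one word can make this toy code decode to the wrong word without a decoder failure, so such a word is not reported.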

In an embodiment, both the first and second party apply the method for establishing the secure key that is shared.

The terms “upstream” and “downstream” relate to an arrangement of items or features for instance relative to the propagation of the light from a light generating means (here especially the first light source), wherein relative to a first position within a beam of light from the light generating means, a second position in the beam of light closer to the light generating means is “upstream”, and a third position within the beam of light further away from the light generating means is “downstream”. This holds also for a flow of information or data, for instance

The term “substantially” herein, such as in “substantially consists”, will be understood by the person skilled in the art. The term “substantially” may also include embodiments with “entirely”, “completely”, “all”, etc. Hence, in embodiments the adjective substantially may also be removed. Where applicable, the term “substantially” may also relate to 90% or higher, such as 95% or higher, especially 99% or higher, even more especially 99.5% or higher, including 100%. The term “comprise” includes also embodiments wherein the term “comprises” means “consists of”.

The term "functionally" will be understood by, and be clear to, a person skilled in the art. The term “substantially” as well as “functionally” may also include embodiments with “entirely”, “completely”, “all”, etc. Hence, in embodiments the adjective functionally may also be removed. When used, for instance in “functionally parallel”, a skilled person will understand that the adjective “functionally” includes the term substantially as explained above. Functionally in particular is to be understood to include a configuration of features that allows these features to function as if the adjective “functionally” was not present. The term “functionally” is intended to cover variations in the feature to which it refers, and which variations are such that in the functional use of the feature, possibly in combination with other features it relates to in the invention, that combination of features is able to operate or function. For instance, if an antenna is functionally coupled or functionally connected to a communication device, electromagnetic signals that are received by the antenna can be used by the communication device. The word “functionally” as for instance used in “functionally parallel” is used to cover exactly parallel, but also the embodiments that are covered by the word “substantially” explained above. For instance, “functionally parallel” relates to embodiments that in operation function as if the parts are for instance parallel. This covers embodiments for which it is clear to a skilled person that it operates within its intended field of use as if it were parallel.

Furthermore, the terms first, second, third and the like in the description and in the claims, are used for distinguishing between similar elements and not necessarily for describing a sequential or chronological order. It is to be understood that the terms so used are interchangeable under appropriate circumstances and that the embodiments of the invention described herein are capable of operation in other sequences than described or illustrated herein.

The devices or apparatus herein are amongst others described during operation. As will be clear to the person skilled in the art, the invention is not limited to methods of operation or devices in operation.

It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design many alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. Use of the verb "to comprise" and its conjugations does not exclude the presence of elements or steps other than those stated in a claim. The article "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the device or apparatus claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.

The invention further applies to an apparatus or device comprising one or more of the characterising features described in the description and/or shown in the attached drawings. The invention further pertains to a method or process comprising one or more of the characterising features described in the description and/or shown in the attached drawings.

The various aspects discussed in this patent can be combined in order to provide additional advantages. Furthermore, some of the features can form the basis for one or more divisional applications.

Brief description of the drawings

Embodiments of the invention will now be described, by way of example only, with reference to the accompanying schematic drawings in which corresponding reference symbols indicate corresponding parts, and in which:

Figures 1-3 schematically depict a layout of transmission channels, in which a central distribution is used, or a key is transmitted from one party to the next, which in fact may include a receiver transmitting to more than one other party, and

Figure 4 schematically depicts an embodiment of information reconciliation.

The drawings are not necessarily to scale.

Description of preferred embodiments

In (secure) key distribution protocols, two parties which are typically referred to as ‘Alice’ and ‘Bob’, aim at distributing two identical keys as secure key. In figures 1-3, several setups of a data communication assembly 1 are illustrated. These embodiments all comprise a first party 2, Alice, and a second party 3, Bob. For simplicity, we will say in the following that a party or the distributor distributes or transmits a raw key, while they distribute or transmit quantum states that are then transformed into a raw key upon measurement and possibly classical communication. In figures 1 and 2, a distributor 5 distributes a secure key which is received by parties as raw key 7, 7’ through a quantum channel 6. In figure 1, the distributor 5 transmits the raw key 7, 7’ to both the first party 2 and the second party 3. Due to all types of noise in/through the quantum channel 6, the first party 2 and second party 3 can receive the raw key 7, 7’ distorted, so it will have differences. For this reason, the first and second party 2, 3 need to exchange information in order to restore the raw key 7, 7’. In figure 2, an alternative distribution scheme is illustrated, in which the first party 2 transmits a raw key 7’ to the distributor 5. The distributor 5 in turn transmits the raw key to the second party 3, which then receives the raw key 7’. Again, the first party 2 and second party 3 have to exchange information.

In general, the quantum information exchange between Alice and Bob is via the already discussed channel 6. This implies that Alice and Bob assume that there is a third party, Eve, who can intercept the information that is transmitted.

Figure 3 shows a somewhat different embodiment where Alice transmits a secure key to Bob. In this situation, we again define the versions of the keys as raw keys 7, 7’. Both parties have a version of the secure key that may comprise noise. In this embodiment, it is in fact not important if Alice has an original secure key, or is in fact a distributor 5 who distributes the secure key. What is important in this embodiment is that Alice and Bob need to be sure that they both have the same, secure, key. To that end, again they need to exchange information through the public channel 11.

The raw keys 7, 7’ can be strings of bits, or a continuous variable. When information is exchanged between Alice and Bob, there is always the possibility of the eavesdropper, typically referred to as ‘Eve’. In fact, Alice and Bob assume that there is an eavesdropper.

Figures 1-3 depict some possibilities of distributing a secure key, for instance using a distributing party, trusted third party, or just another party, or it can be based on parties transmitting secure keys from one to another.

Figure 1 shows a possible method with devices for communicating data. In this example, Alice and Bob seek to exchange information of data using a public channel 11. Once Alice and Bob have their secure keys, they can also use them to communicate via a classical channel which might be different than the one they used for distilling the key (11). In order to secure their communication, they use a secure key. In order to both get the same, secure key, this key is distributed using quantum key distribution (QKD). This can be done between Alice and Bob (and more parties if needed) via a quantum line or channel 6 and an authenticated classical line or channel 11. In the above, examples of such lines and methods are illustrated.

In an embodiment, there is a quantum line or quantum channel 6 and a ‘classical’ line or public channel 11 between Alice 2 and Bob 3 and possibly further parties. In this way, the secure key can be shared. Alternatively, as illustrated in figure 1, a third party is connected via a quantum channel with both Alice and to Bob, and other parties if needed. In this way, a raw key of length N is shared or disseminated.

Both Alice and Bob now split the received raw key in strings or words of length n with n smaller than N. Each word is error-corrected by for instance Alice. If error correction gives a faulty correction, Alice sends information to Bob over a public authentic line. On this line, there is an eavesdropper (Eve). In QKD, the classical channel connecting Alice and Bob is always assumed to be authentic, i.e. Eve cannot change the content of the messages or introduce false messages. An authentic channel can be implemented with classical crypto. Then for simplicity, one always assumes that Alice and Bob have implemented such an authentic channel.

The distributing of the secure key between Alice and Bob usually starts with sending signals over a physical line or channel. At the end of the process, Alice and Bob hold strings of length N: x = (x_1, ..., x_N) and y = (y_1, ..., y_N), respectively. These strings are called the “raw” key.

A goal of an information reconciliation protocol or error correction is to help each party to recover the other party’s string by exchanging information over a public authentic channel. If Bob recovers Alice’s string x, this is referred to as a “direct” reconciliation protocol. In the other case (Alice recovers Bob’s string), it is called a “reverse” reconciliation protocol.

There are at least three important parameters of merit in a reconciliation protocol:

- The number of bits that are exchanged over the public channel. The eavesdropper Eve is assumed to tap the channel. As a result of this assumption, for each bit exchanged over the public channel the length of the final secure key is reduced by one bit.

- The success probability of the reconciliation protocol. If the reconciliation protocol fails, key distribution must start all over from scratch.

- The number of interactions, i.e. uses of the public channel, that are required. The classical communication requires synchronization which can present a bottleneck. This is the case for instance with a satellite link.

One typical approach to information reconciliation is based upon error correcting codes. A linear error correcting code C with parameters (n, k) protects a string t = (t_1, ..., t_k), i.e. of length k, against noise by encoding it with the codeword c(t) = (c_1, ..., c_n), i.e. of length n, such that the additional (n-k) bits help identify errors. In particular, the code C associates with each word w = (w_1, ..., w_n) (i.e. of length n) a syndrome s(w) = (s_1, ..., s_(n-k)) such that a word is a codeword if and only if the syndrome s(w) is the all-zero string, i.e. s(w) = (0, ..., 0).

One can use a code C with parameters (n, k) for information reconciliation as follows. Alice and Bob first share x and y, where y can be interpreted as the result of sending x through a noisy channel. Then Alice sends to Bob s(x), the syndrome of her string x. With the help of this syndrome s(x) and y Bob is able to recover string x.

Because of finite key effects (see, for instance, Tomamichel, M., Lim, C. C. W., Gisin, N., & Renner, R. (2012). Tight finite-key analysis for quantum cryptography. Nature communications, 3(1), 1-6.), it is necessary to distribute very long “raw” keys. These “raw” keys can be as long as 2^24 positions/bits. Reconciliation of a long raw key can be challenging. Some reasons are the memory limitations for hardware implementations, the low success probability in some previous solutions (reference is made, in this context, to Jouguet, Paul, Sebastien Kunz-Jacques, and Anthony Leverrier. "Long-distance continuous-variable quantum key distribution with a Gaussian modulation." Physical Review A 84, no. 6 (2011): 062317) and the superlinear complexity of some decoders, which makes decoding of such long words unfeasible.

An embodiment of the currently proposed reconciliation protocol is as follows.

Suppose a code (n’, k’), with mn’ = n and m ≫ 1.

1 - Alice divides her string x in m blocks of length n’: x^1, ..., x^m.

2 - Bob divides his string y in m blocks of length n’: y^1, ..., y^m.

3 - Bob creates a string, referred to as FailedBlocks, of length m.

4 - For each block, i.e. for i = 1 to m, do:

   a. Alice sends s(x^i), i.e. the syndrome of block x^i, to Bob through a classical channel.

   b. Alice sends h(x^i), i.e. a hash of block x^i and having length p, to Bob through a public classical channel.

   c. Bob attempts to recover x^i with the help of s(x^i) and block i of his own string y, i.e. using y^i.

   d. If Bob’s decoder fails, he sets the i-th bit of FailedBlocks to 1, i.e. FailedBlocks[i] := 1.

   e. If Bob’s decoder succeeds, it produces x̂^i, which is an estimate of x^i. Bob then computes h(x̂^i), which is the hash of x̂^i, and compares h(x̂^i) with h(x^i). If h(x̂^i) = h(x^i), Bob sets the i-th bit of FailedBlocks to zero, i.e. FailedBlocks[i] := 0.

5 - Bob sends the string FailedBlocks to Alice.

6 - For all blocks, i.e. for i = 1 to m, do:

   a. If FailedBlocks[i] = 1, Alice sends x^i to Bob over the public channel.

   b. Bob’s guess of block i is:

      i. if FailedBlocks[i] = 0 then x̂^i;

      ii. if FailedBlocks[i] = 1 then x^i.

Figure 4 schematically depicts a transmission setup as illustrated above, illustrating in fact step 4.
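The block-wise protocol of steps 1 to 6, together with the syndrome-based recovery it builds on, can be traced in the following added Python example, which is not part of the patent text. It assumes a toy extended Hamming (8,4) code as the (n’, k’) code, SHA-256 truncated to p = 32 bits as the hash h, and that a hash mismatch marks a block as failed; the sample strings are constructed.

```python
import hashlib

N_BLOCK, SYN_BITS, P = 8, 4, 32   # n', n'-k', p: toy sizes (assumptions); real n' >> p

def syndrome(block):
    """s(w) for the extended Hamming (8,4) code: XOR of 1-bit indices, plus parity."""
    pos = 0
    for i, bit in enumerate(block):
        if bit:
            pos ^= i
    return pos, sum(block) % 2

def h(block):
    """h(w): SHA-256 truncated to P bits (stand-in; the page does not name a hash)."""
    return int.from_bytes(hashlib.sha256(bytes(block)).digest(), "big") >> (256 - P)

def decode(s_x, y_block):
    """Bob's decoder: estimate of Alice's block from s(x^i) and y^i, or None on failure."""
    pos_y, par_y = syndrome(y_block)
    d, q = s_x[0] ^ pos_y, s_x[1] ^ par_y
    if q == 0:                       # even number of differing bits
        return list(y_block) if d == 0 else None
    est = list(y_block)
    est[d] ^= 1                      # odd parity: assume one error, at index d
    return est

def reconcile(x, y):
    """Run steps 1-6; return (Bob's key, FailedBlocks, bits sent on the public channel)."""
    m = len(x) // N_BLOCK
    xs = [x[i * N_BLOCK:(i + 1) * N_BLOCK] for i in range(m)]   # step 1
    ys = [y[i * N_BLOCK:(i + 1) * N_BLOCK] for i in range(m)]   # step 2
    failed, est = [0] * m, [None] * m                           # step 3
    for i in range(m):                                          # step 4
        s_i, h_i = syndrome(xs[i]), h(xs[i])                    # 4a, 4b: Alice -> Bob
        est[i] = decode(s_i, ys[i])                             # 4c
        # 4d/4e: decoder failure, or (assumption) a hash mismatch, marks the block
        if est[i] is None or h(est[i]) != h_i:
            failed[i] = 1
    key = []                                                    # steps 5-6
    for i in range(m):
        key += xs[i] if failed[i] else est[i]   # failed blocks arrive in the clear
    # Every public bit is assumed known to Eve: syndromes, hashes, FailedBlocks, resent blocks
    leaked = m * (SYN_BITS + P) + m + N_BLOCK * sum(failed)
    return key, failed, leaked

def flip(bits, idxs):
    return [b ^ (i in idxs) for i, b in enumerate(bits)]

# Constructed sample: 4 blocks with 0, 1, 2 and 3 bit errors respectively
X = [1,0,1,1,0,0,1,0, 0,1,1,0,1,0,0,1, 1,1,0,0,1,0,1,1, 0,0,0,1,1,1,0,1]
Y = flip(X, {11, 17, 22, 24, 26, 29})

if __name__ == "__main__":
    print(reconcile(X, Y))
```

In the sample, the two-error block is rejected by the decoder and the three-error block is miscorrected and caught only by the hash comparison; both are resent in the clear and so add their full length to the public-channel bit count.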

It will also be clear that the above description and drawings are included to illustrate some embodiments of the invention, and not to limit the scope of protection. Starting from this disclosure, many more embodiments will be evident to a skilled person. These embodiments are within the scope of protection and the essence of this invention and are obvious combinations of prior art techniques and the disclosure of this patent.

Reference numbers

1 data communication assembly

2 first party

3 second party

4 eavesdropping/information intercepting party

5 quantum key distributing system

6 quantum channel

7, 7’ raw key

8, 8’ raw key divided in words of length n

9 information transmitter/receiver

10 information transmitter/receiver

11 public information transmission channel

12, 12’ small word

13, 13’ information encoder/decoder using small word and information