[Physics] Why is quantum teleportation important in cryptography

Question

I think the physical principle is that (Wikipedia):

For every qubit teleported, Alice needs to send Bob two classical bits
of information. These two classical bits do not carry complete
information about the qubit being teleported. If an eavesdropper
intercepts the two bits, she may know exactly what Bob needs to do in
order to recover the desired state. However, this information is
useless if she cannot interact with the entangled particle in Bob's
possession.

So the eavesdropper does not benefit by stealing the two classical bits.
She should interact with the entangled particle in Bob's possession.
However, how is this possible?

Why is quantum teleportation important in cryptography?

Answer 1

TL;DR

Teleportation plays an important role in the theoretical analysis of quantum cryptography. Most of the security proofs work by reducing the considered quantum cryptography protocol, which may or may not be entanglement based, to an equivalent entanglement based protocol, which uses quantum teleportation.

Theoretician's teleportation based QKD protocol

Let's start with a "theoretician's quantum key distribution (QKD) protocol", which is involved, impractical, but the security of which is easy to prove. This protocol would would work as follow :

1. Alice and Bob share many pairs of entangled particles
2. They select randomly a subset of them and make local measurements to check that their particles are in a state close to maximally entangled state. (if not, they abort)
3. Alice then encodes a random string in one set of particles, for example in the rectilinear basis of the polarization of photons
4. She teleports the particles to Bob, which measures the particles and get the secret information (the random string)

Because of step 2. Alice and Bob knows that the entangled state is close to a maximally entangled state, and because of the monogamy of entanglement, that this state cannot be correlated with anything else, in particular with anything under Eve's control. The global quantum state is said to be factorized (i.e. under the form $\left|\Phi^+\right>_{AB}\otimes\left|\psi\right>_E$), and Eve is "factorized out". This allows to easily show that the step 4 does not leak any information to Eve, and that the protocol is secure.

You can also consider using quantum error correction codes in step 1 to add some quantum computing in the mix. It's a theoretician's protocol, after all !

Reducing entanglement based QKD protocols to the previous one

Some QKD protocols are entanglement based. The most famous one is Ekert's E91. They work as follow :

1. Alice and Bob share many pairs of entangled particles
2. They make random measurement on them
3. They reveal a subset of measurement that the state is close to an maximally entangled state and abort otherwise.
4. Since the state is close to a maximally entangled state, the other measurements are perfectly correlated between Alice and Bob, and not correlated with anything else. Eve has been factored out.

The previous protocol works well, doesn't use teleportation, but has a big problem : as soon as the channel used in step 1 and/or the detectors used in step 2 are slightly imperfect, the state is slightly different from the maximally entangled state and Alice and Bob aborts. That prevents any use of it in any realistic scenario.

The solution is to use some classical error correction (information reconciliation in QKD parlance) and privacy amplification (usually based on universal hashing). These information theory based techniques allow us to distribute secret keys if the imperfections are not too big, but they rely on relatively complex data processing which is not easy to analyse theoretically. However, it can be shown that the whole protocol, including this classical post-processing, is equivalent to a teleportation based protocol where the step 1. was made using the relevant quantum error correcting codes. This equivalence allows to prove the security of a practical QKD protocol by reducing to a teleportation based protocols, which is impractical but theoretically easier to analyse.

What about entanglement-less QKD protocols ?

Most practical QKD protocols, and among them the 1st protocol, BB84, do not use any entanglement. They are prepare and measure protocols (P&M) where Alice choses randomly to send the state $\left|\psi_i\right>$ with probability $p_i$, and Bob performs a measurement. If Alice choice is perfectly random (and we assume it is), such a protocol is perfectly equivalent to a protocol where Alice prepares the entangled state $\sum_i\sqrt{p_i}\left|i\right>_A\left|\psi_i\right>_{A'}$, sends the $A'$ particle to Bob and measures the $A$ particle in order to get $i$. So we're back to the previous paragraph and the teleportation based protocol.

Why reducing this the simple protocol (the last one) to a more complex one ?

The main reason we go through these equivalences, is that the teleportation protocol is easier to analyse. More specifically, we can show that no one but Alice and Bob can get any information in the process without having to know much about Eve's attack. In particular, we do not have to enumerate the set of attacks Eve could perform and take the risk to forget one attack.

In short, the teleportation based protocols are easy for theoreticians but a nightmare for experimentalist (you need quantum computers to perform them with error correction !), while the P&M protocol are easy (or at least doable) for experimentalist, but difficult to analyse directly for theoreticians. Except, of course, when they are shown to be equivalent to a teleportation based protocol !