Reply to Comment: Quantum Cryptography Based on Orthogonal States?

Peres [1] claims that our protocol [2] does not present any novel feature, and it is very similar to the oldest protocol of Bennett and Brassard [3] (BB84). We completely disagree with this claim and with other points raised in the Comment. The essential novelty of our protocol is that the carrier of information is in a quantum state belonging to a definite set of orthonormal states. Any other protocol, as well as the BB84 scheme, does not have this feature, and in fact their security is based on that. Let us quote a recent paper [4] stating that: " ... cloning can give a faithful replica, while leaving the state of the original intact, only if it is known in advance that the carrier of information is in a quantum state belonging to a definite set of orthonormal states. If this is not the case, the eavesdropper will not be able to construct even an imperfect cloning device, which would give some information on the carrier without modifying it: a device of this sort would violate unitarity. Therefore coding based on nonorthogonal quantum states (which cannot be cloned) gives the possibility to detect any eavesdropping attempt ". Thus, the security of BB84 (which uses 4 states, not all orthogonal) is assured by the 'no-cloning' theorem, which is not applicable to our case. Peres claims that in our method Eve has access only to nonorthogonal states: " The ρ ± states, as seen by Eve, are not orthogonal. Their are identical ". However, the nonorthogonality (as seen by Eve) in our scheme is not " just as in the BB84 protocol ". As Peres admits, in the case of known sending times our protocol is not secure, yet his nonorthogonality argument remains the same. The security of our protocol is not based on nonorthogonality, but on causality. As we have proved in the Letter [2], a successful eavesdropping is possible only if some information can reach Bob before it leaves Alice's site-therefore, the protocol is secure. This is also the feature of the protocol proposed at the end of the Comment, in which a particle is sent at a known time in one out of two GV interferometers (GV2). A successful eavesdropping is impossible in this case too, otherwise the wavepacket delayed at Alice's location has to reach Bob's site before 1