BB84 is a quantum key distribution scheme developed by Charles Bennett and Gilles Brassard in 1984.[1] It is the first quantum cryptography protocol.[2] The protocol is provably secure assuming a perfect implementation, relying on two conditions: (1) the quantum property that information gain is only possible at the expense of disturbing the signal if the two states one is trying to distinguish are not orthogonal (see no-cloning theorem); and (2) the existence of an authenticated public classical channel.[3] It is usually explained as a method of securely communicating a private key from one party to another for use in one-time pad encryption.[4] The proof of BB84 depends on a perfect implementation. Side channel attacks exist, taking advantage of non-quantum sources of information. Since this information is non-quantum, it can be intercepted without measuring or cloning quantum particles.[5]

Overview

edit

BB84 QKD system transmits individual photons through a fiber optic cable, with each photon representing a bit of data (zero or one). Polarizing filters on the sender's side set each photon's orientation, while the receiver uses beam splitters to read it. The sender and receiver then compare their photon orientations, with the matching set becoming the cryptographic key.[6]

Description

edit
 
An interactive simulation of an optical implementation of the BB84 quantum key distribution protocol in the Virtual Lab by Quantum Flytrap,[7] available online. In this optical setup, bits are encoded using orthogonal polarization states of photons. Alice and Bob select their measurement bases by rotating the polarization by 0 or 45 degrees using Faraday rotators. Single-photon detectors measure the output after the photons pass through a polarizing beam splitter, which separates the polarizations.

In the BB84 scheme, Alice wishes to send a private key to Bob. She begins with two strings of bits,   and  , each   bits long. She then encodes these two strings as a tensor product of   qubits:

 

where   and   are the  -th bits of   and   respectively. Together,   give us an index into the following four qubit states:

 
 
 
 

Note that the bit   is what decides which basis   is encoded in (either in the computational basis or the Hadamard basis). The qubits are now in states that are not mutually orthogonal, and thus it is impossible to distinguish all of them with certainty without knowing  .

Alice sends   over a public and authenticated quantum channel   to Bob. Bob receives a state  , where   represents both the effects of noise in the channel and eavesdropping by a third party we'll call Eve. After Bob receives the string of qubits, both Bob and Eve have their own states. However, since only Alice knows  , it makes it virtually impossible for either Bob or Eve to distinguish the states of the qubits. Also, after Bob has received the qubits, we know that Eve cannot be in possession of a copy of the qubits sent to Bob, by the no-cloning theorem, unless she has made measurements. Her measurements, however, risk disturbing a particular qubit with probability 1/2 if she guesses the wrong basis.

Bob proceeds to generate a string of random bits   of the same length as   and then measures the qubits he has received from Alice, obtaining a bit string  . At this point, Bob announces publicly that he has received Alice's transmission. Alice then knows she can now safely announce  , i.e., the bases in which the qubits were prepared. Bob communicates over a public channel with Alice to determine which   and   are not equal. Both Alice and Bob now discard the bits in   and   where   and   do not match.

From the remaining   bits where both Alice and Bob measured in the same basis, Alice randomly chooses   bits and discloses her choices over the public channel. Both Alice and Bob announce these bits publicly and run a check to see whether more than a certain number of them agree. If this check passes, Alice and Bob proceed to use information reconciliation and privacy amplification techniques to create some number of shared secret keys. Otherwise, they cancel and start over.

See also

edit

References

edit
  1. ^ Bennett, C. H.; Brassard, G. (1984). "Quantum cryptography: Public key distribution and coin tossing". Proceedings of the International Conference on Computers, Systems & Signal Processing, Bangalore, India. Vol. 1. New York: IEEE. pp. 175–179. arXiv:2003.06557. Reprinted as Bennett, C. H.; Brassard, G. (4 December 2014). "Quantum cryptography: Public key distribution and coin tossing". Theoretical Computer Science. Theoretical Aspects of Quantum Cryptography – celebrating 30 years of BB84. 560 (1): 7–11. arXiv:2003.06557. doi:10.1016/j.tcs.2014.05.025.
  2. ^ Branciard, Cyril; Gisin, Nicolas; Kraus, Barbara; Scarani, Valerio (2005). "Security of two quantum cryptography protocols using the same four qubit states". Physical Review A. 72 (3): 032301. arXiv:quant-ph/0505035. Bibcode:2005PhRvA..72c2301B. doi:10.1103/PhysRevA.72.032301. S2CID 53653084.
  3. ^ Scarani, Valerio; Bechmann-Pasquinucci, Helle; Cerf, Nicolas J.; Dušek, Miloslav; Lütkenhaus, Norbert; Peev, Momtchil (2009). "The security of practical quantum key distribution". Rev. Mod. Phys. 81 (3): 1301–1350. arXiv:0802.4155. Bibcode:2009RvMP...81.1301S. doi:10.1103/RevModPhys.81.1301. S2CID 15873250.
  4. ^ Quantum Computing and Quantum Information, Michael Nielsen and Isaac Chuang, Cambridge University Press 2000
  5. ^ Dixon, A. R., Dynes, J. F., Lucamarini, M., Fröhlich, B., Sharpe, A. W., Plews, A., Tam, W., Yuan, Z. L., Tanizawa, Y., Sato, H., Kawamura, S., Fujiwara, M., Sasaki, M., & Shields, A. J. (2017). Quantum key distribution with hacking countermeasures and long term field trial. Scientific Reports, 7, 1978.
  6. ^ "What Is Quantum Cryptography? | IBM". www.ibm.com. 2023-11-29. Retrieved 2024-09-25.
  7. ^ Migdał, Piotr; Jankiewicz, Klementyna; Grabarz, Paweł; Decaroli, Chiara; Cochin, Philippe (2022). "Visualizing quantum mechanics in an interactive simulation - Virtual Lab by Quantum Flytrap". Optical Engineering. 61 (8): 081808. arXiv:2203.13300. doi:10.1117/1.OE.61.8.081808.
  NODES
INTERN 1
Note 2