Book contents
- Frontmatter
- Contents
- Foreword
- Preface
- Acknowledgments
- 1 Introduction
- 2 Classical cryptography
- 3 Information theory
- 4 Quantum information theory
- 5 Cryptosystems based on quantum key distribution
- 6 General results on secret-key distillation
- 7 Privacy amplification using hash functions
- 8 Reconciliation
- 9 Non-binary reconciliation
- 10 The BB84 protocol
- 11 Protocols with continuous variables
- 12 Security analysis of quantum key distribution
- Appendix symbols and abbreviations
- Bibliography
- Index
10 - The BB84 protocol
Published online by Cambridge University Press: 04 August 2010
- Frontmatter
- Contents
- Foreword
- Preface
- Acknowledgments
- 1 Introduction
- 2 Classical cryptography
- 3 Information theory
- 4 Quantum information theory
- 5 Cryptosystems based on quantum key distribution
- 6 General results on secret-key distillation
- 7 Privacy amplification using hash functions
- 8 Reconciliation
- 9 Non-binary reconciliation
- 10 The BB84 protocol
- 11 Protocols with continuous variables
- 12 Security analysis of quantum key distribution
- Appendix symbols and abbreviations
- Bibliography
- Index
Summary
The publication of the BB84 protocol by Bennett and Brassard in 1984 [10] marks the beginning of quantum key distribution. Since then, many other protocols have been invented. Yet, BB84 keeps a privileged place in the list of existing protocols: it is the one most analyzed and most often implemented, including those used in commercial products, e.g., [91, 113].
In this chapter, I define the BB84 protocol, although I already described it informally in Section 1.1. The physical implementation is then investigated. Finally, I analyze the eavesdropping strategies against BB84 and deduce the secret key rate.
Description
Alice chooses binary key elements randomly and independently, denoted by the random variable X ∈ χ = {0, 1}. In this protocol, there are two encoding rules, numbered by i ∈ {1, 2}. Alice randomly and independently chooses which encoding rule she uses for each key element.
In case 1, Alice prepares a qubit from the basis {|0〉, |1〉} as
In case 2, Alice prepares a qubit from the basis {|+〉, |−〉} as
On his side, Bob measures either Z or X, yielding the result YZ or YX, choosing at random which observable he measures. After sending a predefined number of qubits, Alice reveals to Bob the encoding rule for each of them. They proceed with sifting, that is, they discard the key elements for which Alice used case 1 (or case 2) and Bob measured Z (or X). For the remaining (sifted) key elements, we denote Bob's sifted measurements by Y.
- Type
- Chapter
- Information
- Quantum Cryptography and Secret-Key Distillation , pp. 159 - 182Publisher: Cambridge University PressPrint publication year: 2006