The publication of the BB84 protocol by Bennett and Brassard in 1984 [10] marks the beginning of quantum key distribution. Since then, many other protocols have been invented. Yet, BB84 keeps a privileged place in the list of existing protocols: it is the one most analyzed and most often implemented, including those used in commercial products, e.g., [91, 113].

In this chapter, I define the BB84 protocol, although I already described it informally in Section 1.1. The physical implementation is then investigated. Finally, I analyze the eavesdropping strategies against BB84 and deduce the secret key rate.

Description

Alice chooses binary key elements randomly and independently, denoted by the random variable X ∈ χ = {0, 1}. In this protocol, there are two encoding rules, numbered by i ∈ {1, 2}. Alice randomly and independently chooses which encoding rule she uses for each key element.

• In case 1, Alice prepares a qubit from the basis {|0〉, |1〉} as

• In case 2, Alice prepares a qubit from the basis {|+〉, |−〉} as

On his side, Bob measures either Z or X, yielding the result YZ or YX, choosing at random which observable he measures. After sending a predefined number of qubits, Alice reveals to Bob the encoding rule for each of them. They proceed with sifting, that is, they discard the key elements for which Alice used case 1 (or case 2) and Bob measured Z (or X). For the remaining (sifted) key elements, we denote Bob's sifted measurements by Y.