BB84

Last updated April 22, 2024

BB84^[1]^[2] is a quantum key distribution scheme developed by Charles Bennett and Gilles Brassard in 1984. It is the first quantum cryptography protocol.^[3] The protocol is provably secure assuming a perfect implementation, relying on two conditions: (1) the quantum property that information gain is only possible at the expense of disturbing the signal if the two states one is trying to distinguish are not orthogonal (see no-cloning theorem); and (2) the existence of an authenticated public classical channel.^[4] It is usually explained as a method of securely communicating a private key from one party to another for use in one-time pad encryption.^[5] The proof of BB84 depends on a perfect implementation. Side channel attacks exist, taking advantage of non-quantum sources of information. Since this information is non-quantum, it can be intercepted without measuring or cloning quantum particles.^[6]

Description

In the BB84 scheme, Alice wishes to send a private key to Bob. She begins with two strings of bits, $a$ and $b$ , each $n$ bits long. She then encodes these two strings as a tensor product of $n$ qubits:

|\psi \rangle =\bigotimes _{i=1}^{n}|\psi _{a_{i}b_{i}}\rangle ,

where $a_{i}$ and $b_{i}$ are the $i$ -th bits of $a$ and $b$ respectively. Together, $a_{i}b_{i}$ give us an index into the following four qubit states:

|\psi _{00}\rangle =|0\rangle ,

|\psi _{10}\rangle =|1\rangle ,

|\psi _{01}\rangle =|+\rangle ={\frac {1}{\sqrt {2}}}|0\rangle +{\frac {1}{\sqrt {2}}}|1\rangle ,

|\psi _{11}\rangle =|-\rangle ={\frac {1}{\sqrt {2}}}|0\rangle -{\frac {1}{\sqrt {2}}}|1\rangle .

Note that the bit $b_{i}$ is what decides which basis $a_{i}$ is encoded in (either in the computational basis or the Hadamard basis). The qubits are now in states that are not mutually orthogonal, and thus it is impossible to distinguish all of them with certainty without knowing $b$ .

Alice sends $|\psi \rangle$ over a public and authenticated quantum channel ${\mathcal {E}}$ to Bob. Bob receives a state ${\mathcal {E}}(\rho )={\mathcal {E}}(|\psi \rangle \langle \psi |)$ , where ${\mathcal {E}}$ represents both the effects of noise in the channel and eavesdropping by a third party we'll call Eve. After Bob receives the string of qubits, both Bob and Eve have their own states. However, since only Alice knows $b$ , it makes it virtually impossible for either Bob or Eve to distinguish the states of the qubits. Also, after Bob has received the qubits, we know that Eve cannot be in possession of a copy of the qubits sent to Bob, by the no-cloning theorem, unless she has made measurements. Her measurements, however, risk disturbing a particular qubit with probability 1/2 if she guesses the wrong basis.

Bob proceeds to generate a string of random bits $b'$ of the same length as $b$ and then measures the qubits he has received from Alice, obtaining a bit string $a'$ . At this point, Bob announces publicly that he has received Alice's transmission. Alice then knows she can now safely announce $b$ , i.e., the bases in which the qubits were prepared. Bob communicates over a public channel with Alice to determine which $b_{i}$ and $b'_{i}$ are not equal. Both Alice and Bob now discard the bits in $a$ and $a'$ where $b$ and $b'$ do not match.

From the remaining $k$ bits where both Alice and Bob measured in the same basis, Alice randomly chooses $k/2$ bits and discloses her choices over the public channel. Both Alice and Bob announce these bits publicly and run a check to see whether more than a certain number of them agree. If this check passes, Alice and Bob proceed to use information reconciliation and privacy amplification techniques to create some number of shared secret keys. Otherwise, they cancel and start over.

Related Research Articles

Quantum teleportation is a technique for transferring quantum information from a sender at one location to a receiver some distance away. While teleportation is commonly portrayed in science fiction as a means to transfer physical objects from one location to the next, quantum teleportation only transfers quantum information. The sender does not have to know the particular quantum state being transferred. Moreover, the location of the recipient can be unknown, but to complete the quantum teleportation, classical information needs to be sent from sender to receiver. Because classical information needs to be sent, quantum teleportation cannot occur faster than the speed of light.

In quantum computing, a qubit or quantum bit is a basic unit of quantum information—the quantum version of the classic binary bit physically realized with a two-state device. A qubit is a two-state quantum-mechanical system, one of the simplest quantum systems displaying the peculiarity of quantum mechanics. Examples include the spin of the electron in which the two levels can be taken as spin up and spin down; or the polarization of a single photon in which the two spin states can also be measured as horizontal and vertical linear polarization. In a classical system, a bit would have to be in one state or the other. However, quantum mechanics allows the qubit to be in a coherent superposition of multiple states simultaneously, a property that is fundamental to quantum mechanics and quantum computing.

Quantum key distribution (QKD) is a secure communication method that implements a cryptographic protocol involving components of quantum mechanics. It enables two parties to produce a shared random secret key known only to them, which then can be used to encrypt and decrypt messages. The process of quantum key distribution is not to be confused with quantum cryptography, as it is the best-known example of a quantum-cryptographic task.

In physics, the CHSH inequality can be used in the proof of Bell's theorem, which states that certain consequences of entanglement in quantum mechanics cannot be reproduced by local hidden-variable theories. Experimental verification of the inequality being violated is seen as confirmation that nature cannot be described by such theories. CHSH stands for John Clauser, Michael Horne, Abner Shimony, and Richard Holt, who described it in a much-cited paper published in 1969. They derived the CHSH inequality, which, as with John Stewart Bell's original inequality, is a constraint—on the statistical occurrence of "coincidences" in a Bell test—which is necessarily true if an underlying local hidden-variable theory exists. In practice, the inequality is routinely violated by modern experiments in quantum mechanics.

In quantum computing and specifically the quantum circuit model of computation, a quantum logic gate is a basic quantum circuit operating on a small number of qubits. Quantum logic gates are the building blocks of quantum circuits, like classical logic gates are for conventional digital circuits.

Quantum error correction (QEC) is used in quantum computing to protect quantum information from errors due to decoherence and other quantum noise. Quantum error correction is theorised as essential to achieve fault tolerant quantum computing that can reduce the effects of noise on stored quantum information, faulty quantum gates, faulty quantum preparation, and faulty measurements. This would allow algorithms of greater circuit depth.

A Tsirelson bound is an upper limit to quantum mechanical correlations between distant events. Given that quantum mechanics violates Bell inequalities, a natural question to ask is how large can the violation be. The answer is precisely the Tsirelson bound for the particular Bell inequality in question. In general, this bound is lower than the bound that would be obtained if more general theories, only constrained by "no-signalling", were considered, and much research has been dedicated to the question of why this is the case.

In quantum information science, the Bell's states or EPR pairs are specific quantum states of two qubits that represent the simplest examples of quantum entanglement. The Bell's states are a form of entangled and normalized basis vectors. This normalization implies that the overall probability of the particle being in one of the mentioned states is 1: $. Entanglement is a basis-independent result of superposition. Due to this superposition, measurement of the qubit will "collapse" it into one of its basis states with a given probability. Because of the entanglement, measurement of one qubit will "collapse" the other qubit to a state whose measurement will yield one of two possible values, where the value depends on which Bell's state the two qubits are in initially. Bell's states can be generalized to certain quantum states of multi-qubit systems, such as the GHZ state for three or more subsystems.$

In quantum information theory, superdense coding is a quantum communication protocol to communicate a number of classical bits of information by only transmitting a smaller number of qubits, under the assumption of sender and receiver pre-sharing an entangled resource. In its simplest form, the protocol involves two parties, often referred to as Alice and Bob in this context, which share a pair of maximally entangled qubits, and allows Alice to transmit two bits to Bob by sending only one qubit. This protocol was first proposed by Charles H. Bennett and Stephen Wiesner in 1970 and experimentally actualized in 1996 by Klaus Mattle, Harald Weinfurter, Paul G. Kwiat and Anton Zeilinger using entangled photon pairs. Superdense coding can be thought of as the opposite of quantum teleportation, in which one transfers one qubit from Alice to Bob by communicating two classical bits, as long as Alice and Bob have a pre-shared Bell pair.

<span class="mw-page-title-main">LOCC</span> Method in quantum computation and communication

LOCC, or local operations and classical communication, is a method in quantum information theory where a local (product) operation is performed on part of the system, and where the result of that operation is "communicated" classically to another part where usually another local operation is performed conditioned on the information received.

In physics, in the area of quantum information theory, a Greenberger–Horne–Zeilinger state is a certain type of entangled quantum state that involves at least three subsystems. The four-particle version was first studied by Daniel Greenberger, Michael Horne and Anton Zeilinger in 1989, and the three-particle version was introduced by N. David Mermin in 1990. Extremely non-classical properties of the state have been observed. GHZ states for large numbers of qubits are theorized to give enhanced performance for metrology compared to other qubit superposition states.

A Quantum Digital Signature (QDS) refers to the quantum mechanical equivalent of either a classical digital signature or, more generally, a handwritten signature on a paper document. Like a handwritten signature, a digital signature is used to protect a document, such as a digital contract, against forgery by another party or by one of the participating parties.

SARG04 is a 2004 quantum cryptography protocol derived from the first protocol of that kind, BB84.

Amplitude amplification is a technique in quantum computing which generalizes the idea behind Grover's search algorithm, and gives rise to a family of quantum algorithms. It was discovered by Gilles Brassard and Peter Høyer in 1997, and independently rediscovered by Lov Grover in 1998.

Entanglement distillation is the transformation of N copies of an arbitrary entangled state $into some number of approximately pure Bell pairs, using only local operations and classical communication.$

The noisy-storage model refers to a cryptographic model employed in quantum cryptography. It assumes that the quantum memory device of an attacker (adversary) trying to break the protocol is imperfect (noisy). The main goal of this model is to enable the secure implementation of two-party cryptographic primitives, such as bit commitment, oblivious transfer and secure identification.

Consider two remote players, connected by a channel, that don't trust each other. The problem of them agreeing on a random bit by exchanging messages over this channel, without relying on any trusted third party, is called the coin flipping problem in cryptography. Quantum coin flipping uses the principles of quantum mechanics to encrypt messages for secure communication. It is a cryptographic primitive which can be used to construct more complex and useful cryptographic protocols, e.g. Quantum Byzantine agreement.

In quantum physics, the "monogamy" of quantum entanglement refers to the fundamental property that it cannot be freely shared between arbitrarily many parties.

Parity measurement is a procedure in quantum information science used for error detection in quantum qubits. A parity measurement checks the equality of two qubits to return a true or false answer, which can be used to determine whether a correction needs to occur. Additional measurements can be made for a system greater than two qubits. Because parity measurement does not measure the state of singular bits but rather gets information about the whole state, it is considered an example of a joint measurement. Joint measurements do not have the consequence of destroying the original state of a qubit as normal quantum measurements do. Mathematically speaking, parity measurements are used to project a state into an eigenstate of an operator and to acquire its eigenvalue.

Quantum secret sharing (QSS) is a quantum cryptographic scheme for secure communication that extends beyond simple quantum key distribution. It modifies the classical secret sharing (CSS) scheme by using quantum information and the no-cloning theorem to attain the ultimate security for communications.

References

↑ C. H. Bennett and G. Brassard. "Quantum cryptography: Public key distribution and coin tossing". In Proceedings of IEEE International Conference on Computers, Systems and Signal Processing, volume 175, page 8. New York, 1984. http://researcher.watson.ibm.com/researcher/files/us-bennetc/BB84highest.pdf Archived 2020-01-30 at the Wayback Machine
↑ Bennett, Charles H.; Brassard, Gilles (2014-12-04). "Quantum cryptography: Public key distribution and coin tossing". Theoretical Computer Science. Theoretical Aspects of Quantum Cryptography – celebrating 30 years of BB84. 560, Part 1: 7–11. arXiv: 2003.06557 . doi: 10.1016/j.tcs.2014.05.025 .
↑ Branciard, Cyril; Gisin, Nicolas; Kraus, Barbara; Scarani, Valerio (2005). "Security of two quantum cryptography protocols using the same four qubit states". Physical Review A. 72 (3): 032301. arXiv: quant-ph/0505035 . Bibcode:2005PhRvA..72c2301B. doi:10.1103/PhysRevA.72.032301. S2CID 53653084.
↑ Scarani, Valerio; Bechmann-Pasquinucci, Helle; Cerf, Nicolas J.; Dušek, Miloslav; Lütkenhaus, Norbert; Peev, Momtchil (2009). "The security of practical quantum key distribution". Rev. Mod. Phys. 81 (3): 1301–1350. arXiv: 0802.4155 . Bibcode:2009RvMP...81.1301S. doi:10.1103/RevModPhys.81.1301. S2CID 15873250.
↑ Quantum Computing and Quantum Information, Michael Nielsen and Isaac Chuang, Cambridge University Press 2000
↑ Dixon, A. R., Dynes, J. F., Lucamarini, M., Fröhlich, B., Sharpe, A. W., Plews, A., Tam, W., Yuan, Z. L., Tanizawa, Y., Sato, H., Kawamura, S., Fujiwara, M., Sasaki, M., & Shields, A. J. (2017). Quantum key distribution with hacking countermeasures and long term field trial. Scientific Reports, 7, 1978.
↑ Migdał, Piotr; Jankiewicz, Klementyna; Grabarz, Paweł; Decaroli, Chiara; Cochin, Philippe (2022). "Visualizing quantum mechanics in an interactive simulation - Virtual Lab by Quantum Flytrap". Optical Engineering. 61 (8): 081808. arXiv: 2203.13300 . doi:10.1117/1.OE.61.8.081808.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] C. H. Bennett and G. Brassard. "Quantum cryptography: Public key distribution and coin tossing". In Proceedings of IEEE International Conference on Computers, Systems and Signal Processing, volume 175, page 8. New York, 1984. http://researcher.watson.ibm.com/researcher/files/us-bennetc/BB84highest.pdf Archived 2020-01-30 at the Wayback Machine

[2] Bennett, Charles H.; Brassard, Gilles (2014-12-04). "Quantum cryptography: Public key distribution and coin tossing". Theoretical Computer Science. Theoretical Aspects of Quantum Cryptography – celebrating 30 years of BB84. 560, Part 1: 7–11. arXiv: 2003.06557 . doi: 10.1016/j.tcs.2014.05.025 .

[3] Branciard, Cyril; Gisin, Nicolas; Kraus, Barbara; Scarani, Valerio (2005). "Security of two quantum cryptography protocols using the same four qubit states". Physical Review A. 72 (3): 032301. arXiv: quant-ph/0505035 . Bibcode:2005PhRvA..72c2301B. doi:10.1103/PhysRevA.72.032301. S2CID 53653084.

[4] Scarani, Valerio; Bechmann-Pasquinucci, Helle; Cerf, Nicolas J.; Dušek, Miloslav; Lütkenhaus, Norbert; Peev, Momtchil (2009). "The security of practical quantum key distribution". Rev. Mod. Phys. 81 (3): 1301–1350. arXiv: 0802.4155 . Bibcode:2009RvMP...81.1301S. doi:10.1103/RevModPhys.81.1301. S2CID 15873250.

[5] Quantum Computing and Quantum Information, Michael Nielsen and Isaac Chuang, Cambridge University Press 2000

[6] Dixon, A. R., Dynes, J. F., Lucamarini, M., Fröhlich, B., Sharpe, A. W., Plews, A., Tam, W., Yuan, Z. L., Tanizawa, Y., Sato, H., Kawamura, S., Fujiwara, M., Sasaki, M., & Shields, A. J. (2017). Quantum key distribution with hacking countermeasures and long term field trial. Scientific Reports, 7, 1978.

[7] Migdał, Piotr; Jankiewicz, Klementyna; Grabarz, Paweł; Decaroli, Chiara; Cochin, Philippe (2022). "Visualizing quantum mechanics in an interactive simulation - Virtual Lab by Quantum Flytrap". Optical Engineering. 61 (8): 081808. arXiv: 2203.13300 . doi:10.1117/1.OE.61.8.081808.

[1]

[2]

[3]

[4]

[5]

[6]

BB84

Contents

Description

See also

Related Research Articles

References