BB84

BB84[1] is a quantum key distribution scheme developed by Charles Bennett and Gilles Brassard in 1984. It is the first quantum cryptography protocol.[2] The protocol is provably secure, relying on the quantum property that information gain is only possible at the expense of disturbing the signal if the two states one is trying to distinguish are not orthogonal (see no cloning theorem). It is usually explained as a method of securely communicating a private key from one party to another for use in one-time pad encryption.[3]

Description

In the BB84 scheme, Alice wishes to send a private key to Bob. She begins with two strings of bits, a and b, each n bits long. She then encodes these two strings as a string of n qubits,

|\psi\rangle = \bigotimes_{i=1}^{n}|\psi_{a_ib_i}\rangle.

a_i and b_i are the i^\mathrm{th} bits of a and b, respectively. Together, a_ib_i give us an index into the following four qubit states:

|\psi_{00}\rangle = |0\rangle

|\psi_{10}\rangle = |1\rangle

|\psi_{01}\rangle = |+\rangle = \frac{1}{\sqrt{2}}|0\rangle + \frac{1}{\sqrt{2}}|1\rangle

|\psi_{11}\rangle = |-\rangle = \frac{1}{\sqrt{2}}|0\rangle - \frac{1}{\sqrt{2}}|1\rangle.

Note that the bit b_i is what decides which basis a_i is encoded in (either in the computational basis or the Hadamard basis). The qubits are now in states which are not mutually orthogonal, and thus it is impossible to distinguish all of them with certainty without knowing b.

Alice sends |\psi\rangle over a public quantum channel \mathcal{E} to Bob. Bob receives a state \mathcal{E}(\rho) = \mathcal{E}(|\psi\rangle\langle\psi|), where \mathcal{E} represents the both the effects of noise in the channel as well as eavesdropping by a third party we'll call Oscar. After Bob receives the string of qubits, all three parties, namely Alice, Bob and Oscar, have their own states. However, since only Alice knows b, it makes it virtually impossible for either Bob or Oscar to distinguish the states of the qubits. Also, after Bob has received the qubits, we know that Oscar cannot be in possession of a copy of the qubits sent to Bob, by the no cloning theorem, unless she has made measurements. Her measurements, however, risk disturbing a particular qubit with probability ½ if she guesses the wrong basis.

Bob proceeds to generate a string of random bits b' of the same length as b, and then measures the string he has received from Alice, a'. At this point, Bob announces publicly that he has received Alice's transmission. Alice then knows she can now safely announce b. Bob communicates over a public channel with Alice to determine which b_i and b'_i are not equal. Both Alice and Bob now discard the qubits in a and a' where b and b' do not match.

From the remaining k bits where both Alice and Bob measured in the same basis, Alice randomly chooses k/2 bits and discloses her choices over the public channel. Both Alice and Bob announce these bits publicly and run a check to see if more than a certain number of them agree. If this check passes, Alice and Bob proceed to use privacy amplification and information reconciliation techniques to create some number of shared secret keys. Otherwise, they cancel and start over.

See also

References

  1. C. H. Bennett and G. Brassard. "Quantum cryptography: Public key distribution and coin tossing". In Proceedings of IEEE International Conference on Computers, Systems and Signal Processing, volume 175, page 8. New York, 1984. http://researcher.watson.ibm.com/researcher/files/us-bennetc/BB84highest.pdf
  2. Branciard, Cyril; Gisin, Nicolas; Kraus, Barbara; Scarani, Valerio (2005). "Security of two quantum cryptography protocols using the same four qubit states". Physical Review A 72 (3). arXiv:quant-ph/0505035. doi:10.1103/PhysRevA.72.032301.
  3. Quantum Computing and Quantum Information, Michael Nielsen and Isaac Chuang
This article is issued from Wikipedia - version of the Wednesday, April 27, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.