🔑

Topic 10 of 12

Quantum Cryptography & BB84

Quantum key distribution (QKD) allows two parties to establish a provably secure secret key using quantum mechanics — security guaranteed by the laws of physics, not computational hardness. The BB84 protocol (Bennett & Brassard, 1984) exploits the no-cloning theorem and measurement disturbance: any eavesdropper necessarily introduces detectable errors.

Key Concepts

BB84 Protocol

Alice sends qubits randomly prepared in one of four states:

|0\rangle, |1\rangle

(rectilinear basis

\oplus

) or

|+\rangle, |{-}\rangle

(diagonal basis

\otimes

). Bob measures in a randomly chosen basis. They publicly compare bases (not results) and keep only bits where bases matched — the sifted key. Eavesdropping introduces detectable errors.

Basis Sifting

After transmission, Alice and Bob publicly announce which basis they used for each bit (not the measured value). They keep only the bits where both chose the same basis — about 50% of bits on average. The remaining 50% are discarded. This step converts raw quantum transmissions into a shared raw key.

Eavesdropping Detection

An eavesdropper Eve intercepts qubits and must guess the basis. She guesses wrong 50% of the time, causing her to measure in the wrong basis and resend the wrong state. This introduces a 25% error rate (QBER) in Alice and Bob's sifted key. They detect Eve by publicly comparing a sample of key bits.

Information-Theoretic Security

Unlike RSA (secure only assuming factoring is hard), QKD security is information-theoretic — it holds against any attacker, including those with quantum computers, provided the quantum channel noise is below the security threshold. The security proof uses quantum information theory, not computational assumptions.

Privacy Amplification

After sifting and error correction, Alice and Bob apply a hash function (universal hash family) to compress their key. This reduces Eve's partial information about the key to exponentially small levels, producing a shorter but provably secret final key.

E91 Protocol

An entanglement-based QKD protocol by Ekert (1991). Alice and Bob share Bell pairs; each measures in a random basis. Security is verified by checking Bell inequality violations — if Eve tampers, the violations disappear. Equivalent to BB84 in security but conceptually links QKD to quantum non-locality.

Key Equations

BB84 States

\text{Basis } \oplus: |0\rangle, |1\rangle \qquad \text{Basis } \otimes: |{+}\rangle = \tfrac{|0\rangle+|1\rangle}{\sqrt{2}},\; |{-}\rangle = \tfrac{|0\rangle-|1\rangle}{\sqrt{2}}

Four BB84 states in two conjugate bases.

Sifting Key Rate

R_{\text{sifted}} = \frac{1}{2} R_{\text{raw}}

Basis sifting keeps ~50% of transmitted qubits on average.

Eavesdropper Error Rate

\text{QBER}_{\text{Eve}} = 25\% = \frac{1}{4}

An intercept-resend attack introduces a 25% bit error rate in the sifted key.

Security Condition

\text{QBER} < 11\% \implies \text{secure key generation possible}

Below the 11% QBER threshold, privacy amplification can distill a secure key.

Worked Example

BB84 Mini-Example

Problem

Alice sends 8 qubits in BB84. Trace through basis sifting and show how an eavesdropper is detected.

Solution

Alice sends: $|0\rangle_\oplus, |+\rangle_\otimes, |1\rangle_\oplus, |{-}\rangle_\otimes, |0\rangle_\oplus, |1\rangle_\oplus, |+\rangle_\otimes, |{-}\rangle_\otimes$

Bob measures in random bases: $\oplus, \oplus, \oplus, \otimes, \otimes, \otimes, \otimes, \oplus$

Matching bases (sifted): qubits 1, 3, 4, 7 (4 of 8 = 50%). Sifted key bits: 0, 1, 0, 0

Eve intercepts all 8 qubits in random bases. She guesses wrong on average 4/8 = 50% of qubits. For the 4 sifted bits, she introduces errors at rate 25%.

P(\text{error per sifted bit from Eve}) = \frac{1}{2} \times \frac{1}{2} = \frac{1}{4} = 25\%

Alice and Bob compare 2 sifted bits openly. If any disagree, Eve is present.

Answer Eve introduces ~25% QBER; comparing a sample of key bits detects her presence.

Practice

Exercises

5 problems

1 of 5

BB84 uses how many distinct measurement bases?

Your answer

bases

2 of 5

How many distinct quantum states are used in BB84?

Your answer

states

3 of 5

What fraction of transmitted qubits are kept after basis sifting (on average)?

Unlock Exercise 3

Subscribe to PhysWeb Pro to access all exercises and track your progress.

Upgrade to Pro →

4 of 5

An intercept-resend eavesdropper introduces what QBER (as a decimal)?

Unlock Exercise 4

Subscribe to PhysWeb Pro to access all exercises and track your progress.

Upgrade to Pro →

5 of 5

Alice sends 2000 qubits in BB84. Expected raw key length after sifting?

Unlock Exercise 5

Subscribe to PhysWeb Pro to access all exercises and track your progress.

Upgrade to Pro →

Key Takeaways

BB84 uses 4 states in 2 conjugate bases; any eavesdropper introduces a 25% QBER detectable by Alice and Bob.
Basis sifting keeps ~50% of transmitted qubits (those where Alice and Bob chose the same basis).
Security is information-theoretic — valid against all attackers including quantum computers.
Privacy amplification compresses the sifted key to eliminate Eve's partial knowledge.
E91 uses Bell pairs and Bell inequality tests to certify security via entanglement non-locality.