BB84 Quantum Key Distribution: Difference between revisions

Revision as of 19:05, 11 November 2018

Functionality Description

The BB84 protocol implements the task of Quantum Key Distribution (QKD). The protocol enables two parties, Alice and Bob, to establish a classical secret key by preparing and measuring qubits. The output of the protocol is a classical secret key which is completely unknown to any third party, namely an eavesdropper.

Tags: Two Party, Quantum Enhanced Classical Functionality, Specific Task, Device Independent QKD, Six State QKD

Requirements

Network Stage: Prepare and Measure
Relevant Network Parameters: $\epsilon _{T},\epsilon _{M}$ (see Prepare and Measure)
Benchmark values:
- Minimum number of rounds ranging from Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \mathcal{O}(10^2)} to ${\mathcal {O}}(10^{5})$ depending on the network parameters, for commonly used secure parameters.
- $QBER\leq 0.11$ , taking a depolarizing model as benchmark. Parameters satisfying $\epsilon _{T}+\epsilon _{M}\leq 0.11$ are sufficient.
requires Authenticated classical channel, Random number generator.

Example:

Outline

The protocol shares a classical between two parties, sender (Alice) and receiver (Bob). The BB84 quantum key distribution protocol is composed by the following steps:

Distribution: This step involves preparation, exchange and measurement of quantum states. For each round of the distribution phase, Sender randomly chooses a basis (a pair of orthogonal states) out of two available bases (X and Z). She then randomly chooses one of the two states and prepares the corresponding quantum state in the chosen basis. She sends the prepared state to Bob. Upon receiving the state, Receiver announces that he received the state and randomly chooses to measure in the either of the two available bases (X or Z). The outcomes of the measurements give Bob a string of classical bits. The two parties repeat the above procedure Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n} times so that at the end of the distribution phase each of them holds an $n$ -bit string.
Sifting: Both parties publicly announce their choices of basis and compare them. They discard the rounds in which Receiver measured in a different basis than the one prepared by Sender.
Parameter estimation: Both parties use a fraction of the remaining rounds (in which both measured in the same basis) in order to estimate the quantum bit error rate (QBER).
Error correction: Both together, choose a classical error correcting code and publicly communicate in order to correct their string of bits. At the end of this phase both parties hold the same bit-string.
Privacy amplification: Both use an extractor on the previously established string to generate a smaller but completely secret string of bits, which is the final key.

Properties

Notations Used:
- $n$ number of total rounds of the protocol.
- $\ell$ size of the secret key.
- $X_{i},Y_{i}$ bits of input of Sender and Receiver, respectively, that define the measurement basis.
- $A_{i},B_{i}$ bits of output of Sender and Receiver, respectively.
- $K_{A},K_{B}$ final key of Sender and Receiver, respectively.
- Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle Q_X} is the quantum bit error rate QBER in the $X$ basis.
- $Q_{Z}$ is the quantum bit error rate QBER in the $Z$ basis estimated prior to the protocol.
- Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle H} is the Hadamard gate. Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle H^{0} = I, H^{1} = H} .
- $\gamma$ is the probability that Alice (Bob) prepares (measures) a qubit in the $X$ basis.
- $\epsilon _{\rm {EC}}$ , $\epsilon '_{\rm {EC}}$ are the error probabilities of the error correction protocol.
- $\epsilon _{\rm {PA}}$ is the error probability of the privacy amplification protocol.
- $\epsilon _{\rm {PE}}$ is the error probability of the parameter estimation.

The protocol-
- is Information-theoretically secure
- requires synchronous network, authenticated public classical channel, secure from coherent attacks
- implements $(n,\epsilon _{\rm {corr}},\epsilon _{\rm {sec}},\ell )$ -QKD, which means that it generates an $\epsilon _{\rm {corr}}$ -correct, $\epsilon _{\rm {sec}}$ -secret key of length Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \ell} in Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n} rounds. The security parameters of this protocol are give by

Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \epsilon_{\rm corr}&=\epsilon_{\rm EC},</br> \epsilon_{\rm sec}&= \epsilon_{\rm PA}+\epsilon_{\rm PE}, } and the amount of key $\ell$ that is generated is given by Failed to parse (syntax error): {\displaystyle \ell\geq & (1-\gamma)^2n \de{ 1-h(Q_X+\nu) -h(Q_Z)}</br> &\;\;\; -\sqrt{(1-\gamma)^2n}\de{4\log\de{2\sqrt{2}+1} \de{\sqrt{\log\frac{2}{\epsilon_{\rm PE}^2}}+ \sqrt{\log \frac{8}{{\epsilon'}_{\rm EC}^2}}}}</br> &\;\;\; -\log\de{\frac{8}{{\epsilon'}_{\rm EC}^2}+\frac{2}{2-\epsilon'_{\rm EC}} }-\log \de{\frac{1}{\epsilon_{\rm EC}}}- 2\log\de{\frac{1}{2\epsilon_{\rm PA}}}} where Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \nu = \sqrt{ \frac{(1+\gamma^2n)((1-\gamma)^2+\gamma^2)}{(1-\gamma)^2\gamma^4n^2}\log\de{\frac{1}{\epsilon_{\rm PE}}}}} and Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle h(\cdot)} is the binary entropy function.

In Eq.~\eqref{eq:keylength}, the parameters $\epsilon_{\rm EC}$ and $\epsilon'_{\rm EC}$ are error probabilities of the classical error correction subroutine. At the end of the error correction step, if the protocol does not abort, then Alice and Bob share equal strings of bits with probability at least $1-\epsilon_{\rm EC}$. The parameter $\epsilon'_{\rm EC}$ is related with the completeness of the error correction subroutine, namely that for an honest implementation, the error correction protocol aborts with probability at most $\epsilon'_{\rm EC}+\epsilon_{\rm EC}$. The parameter $\epsilon_{\rm PA}$ is the error probability of the privacy amplification subroutine and $\epsilon_{\rm PE}$ is the error probability of the parameter estimation subroutine used to estimate $Q_X$. (See Quantum Key Distribution for the precise security definition)

Pseudo Code

Input: $n,\gamma ,\epsilon _{\rm {PA}},\epsilon _{\rm {PE}},\epsilon _{\rm {EC}},\epsilon '_{\rm {EC}},Q_{Z}$
Output: $K_{A},K_{B}$

Stage 1 Distribution and measurement

For i=1,2,...,n
1. Sender chooses random bits Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle X_i\epsilon\{0,1\}} and $A_{i}\epsilon _{R}\{0,1\}$ such that $P(X_{i}=1)=\gamma$
2. Sender prepares $H^{X_{i}}|A_{i}\rangle$ and sends it to Bob
3. Receiver announces receiving a state
4. Receiver chooses bit $Y_{i}\in _{R}\{0,1\}$ such that $P(Y_{i}=1)=\gamma$
5. Receiver measures $H^{X_{i}}|A_{i}\rangle$ in basis $\{H^{Y_{i}}|0\rangle ,H^{Y_{i}}|1\rangle \}$ with outcome $B_{i}$

At this stage Sender holds strings $X_{1}^{n},A_{1}^{n}$ and Receiver $Y_{1}^{n},B_{1}^{n}$ , all of length $n$

Stage 2 Sifting

Alice and Bob publicly announce $X_{1}^{n},Y_{1}^{n}$
For i=1,2,....,n
1. If $X_{i}=Y_{i}$ $X_{i}=Y_{i}$
  1. $A_{1}^{n'}=A_{1}^{n'}.$ append</math>(A_i)</math>
  2. $B_{1}^{n'}=B_{1}^{n'}.$ append $(B_{i})$
  3. $X_{1}^{n'}=X_{1}^{n'}.$ append $(X_{i})$
  4. $Y_{1}^{n'}=Y_{1}^{n'}.$ append $(Y_{i})$

Now Sender holds strings $X_{1}^{n'},A_{1}^{n'}$ and Receiver $Y_{1}^{n'},B_{1}^{n'}$ , all of length $n'\leq n$

Stage 3 Parameter estimation

For $i=1,...,n$ $i=1,...,n$
1. size $Q$ = 0
2. If{ $X_{i}=Y_{i}=1$ $X_{i}=Y_{i}=1$
  1. Sender and Receiver publicly announce $A_i, B_i$\;
  2. Sender and Receiver compute $Q_{i}=1-\delta _{A_{i}B_{i}}$ , where $\delta _{A_{i}B_{i}}$ is the Kronecker delta
3. size $Q$ += 1\;

Both Sender and Receiver, each, compute Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle Q_X = \frac{1}{\tn{size}Q} \sum_{i=1}^{n'}Q_i}

Stage 4 Error correction

$C(\cdot ,\cdot )$ is an error correction subroutine determined by the previously estimated value of $Q_{Z}$ and with error parameters $\epsilon '_{\rm {EC}}$ and $\epsilon _{\rm {EC}}$
Both Sender and Receiver run $C(A_{1}^{n'},B_{1}^{n'})$ .
Receiver obtains ${\tilde {B}}_{1}^{n'}$

Stage 5 Privacy amplification

$PA(\cdot ,\cdot )$ is a privacy amplification subroutine determined by the size $\ell$ , computed from Eq.(3), and with secrecy parameter $\epsilon _{\rm {PA}}$
Sender and Receiver run $PA(A_1^{n'},\tilde{B}_1^{n'})$ and obtain secret keys $K_A, K_B$\;

Relevant Papers

@@ Line 67: / Line 67: @@
 <u>'''Stage 1'''</u> Distribution and measurement
 #For i=1,2,...,n
-##  Sender chooses random bits <math>X_i\in\{0,1\}</math> and <math>A_i\in_R\{0,1\}</math> such that <math>P(X_i=1)=\gamma</math>
+##  Sender chooses random bits <math>X_i\epsilon\{0,1\}</math> and <math>A_i\epsilon_R\{0,1\}</math> such that <math>P(X_i=1)=\gamma</math>
-##  Sender prepares <math>H^{X_i}\ket{A_i}</math> and sends it to Bob
+##  Sender prepares <math>H^{X_i}|A_i\rangle</math> and sends it to Bob
 ##  Receiver announces receiving a state
 ##  Receiver chooses bit <math>Y_i\in_R\{0,1\}</math> such that <math>P(Y_i=1)=\gamma</math>
-##  Receiver measures <math>H^{X_i}\ket{A_i}</math> in basis <math>\{H^{Y_i}\ket{0}, H^{Y_i}\ket{1}\}</math> with outcome <math>B_i</math>
+##  Receiver measures <math>H^{X_i}|A_i\rangle</math> in basis <math>\{H^{Y_i}|0\rangle, H^{Y_i}|1\rangle\}</math> with outcome <math>B_i</math>
 *At this stage Sender holds strings <math>X_1^n, A_1^n</math> and Receiver <math>Y_1^n, B_1^n</math>, all of length <math>n</math>
@@ Line 78: / Line 78: @@
 #For i=1,2,....,n
 ##	If <math>X_i=Y_i</math>
-###	<math>A_1^{n'} = A_1^{n'}.\tn{append}(A_i)</math>
+###	<math>A_1^{n'} = A_1^{n'}.</math>append</math>(A_i)</math>
-###	<math>B_1^{n'} = B_1^{n'}.\tn{append}(B_i)</math>
+###	<math>B_1^{n'} = B_1^{n'}.</math>append<math>(B_i)</math>
-###	<math>X_1^{n'} = X_1^{n'}.\tn{append}(X_i)</math>
+###	<math>X_1^{n'} = X_1^{n'}.</math>append<math>(X_i)</math>
-###	<math>Y_1^{n'} = Y_1^{n'}.\tn{append}(Y_i)</math>
+###	<math>Y_1^{n'} = Y_1^{n'}.</math>append<math>(Y_i)</math>
 *Now Sender holds strings <math>X_1^{n'}, A_1^{n'}</math> and Receiver <math>Y_1^{n'}, B_1^{n'}</math>, all of length <math>n'\leq n</math>
 <u>'''Stage 3'''</u> Parameter estimation
@@ Line 91: / Line 91: @@
 ##	size<math>Q</math> += 1\;
-Both Sender and Receiver, each, compute <math>Q_X = \frac{1}{\tn{size}Q} \sum_{i=1}^{n'}Q_i</math>
+*Both Sender and Receiver, each, compute <math>Q_X = \frac{1}{\tn{size}Q} \sum_{i=1}^{n'}Q_i</math></br>
 <u>'''Stage 4'''</u> Error correction
-<math>C(\cdot,\cdot)</math> is an error correction subroutine determined by the previously estimated value of <math>Q_Z</math> and with error parameters  <math>\epsilon'_{\rm EC}</math> and <math>\epsilon_{\rm EC}</math>
+#<math>C(\cdot,\cdot)</math> is an error correction subroutine determined by the previously estimated value of <math>Q_Z</math> and with error parameters  <math>\epsilon'_{\rm EC}</math> and <math>\epsilon_{\rm EC}</math>
-Both Sender and Receiver run <math>C(A_1^{n'},B_1^{n'})</math>. Receiver obtains <math>\tilde{B}_1^{n'}</math>
+#Both Sender and Receiver run <math>C(A_1^{n'},B_1^{n'})</math>.
+#Receiver obtains <math>\tilde{B}_1^{n'}</math>
 <u>'''Stage 5'''</u> Privacy amplification
-<math>PA(\cdot,\cdot)</math> is a privacy amplification subroutine determined by the size <math>\ell</math>, computed from Eq.(3), and  with secrecy parameter <math>\epsilon_{\rm PA}</math>
+#<math>PA(\cdot,\cdot)</math> is a privacy amplification subroutine determined by the size <math>\ell</math>, computed from Eq.(3), and  with secrecy parameter <math>\epsilon_{\rm PA}</math>
-Sender and Receiver run $PA(A_1^{n'},\tilde{B}_1^{n'})$ and obtain secret keys $K_A, K_B$\;
+#Sender and Receiver run $PA(A_1^{n'},\tilde{B}_1^{n'})$ and obtain secret keys $K_A, K_B$\;
 ==Relevant Papers==

BB84 Quantum Key Distribution: Difference between revisions

Revision as of 19:05, 11 November 2018

Contents

Functionality Description

Requirements