Editing Byzantine Agreement

==Functionality Description==
Byzantine agreement{{cn}} is about reaching agreement in a network of <math>n</math> players out of which <math>t</math> players may be faulty. Each player starts with an input bit <math>b_i</math> and the goal is for all correct players to output the same bit <math>d</math> [[agreement]], under the constraint that <math>d = b_i</math> at least for some node <math>i</math> [[validity]]. The [[hardness]] of this task depends on the [[failure model]] of the faulty (sometimes called [[adversary]]) players. In Byzantine agreement, the faulty players are assumed to show the most severe form of failure known as Byzantine failures. In this model, faulty players behave arbitrarily, can collude and even act maliciously trying to prevent correct players from reaching agreement. Byzantine agreement is an important problem in classical distributed systems, used to guarantee consistency amongst distributed data structures.



'''Tags:''' [[:Category: Quantum Enhanced Classical Functionality|Quantum Enhanced Classical Functionality]][[Category: Quantum Enhanced Classical Functionality]], [[:Category: Multi Party Protocols|Multi Party Protocols]] [[Category: Multi Party Protocols]],  [[:Category:Specific Task|Specific Task]][[Category:Specific Task]], consensus task, failure-resilient distributed computing.

[[Category: Two Party Protocols]] [[Category: Quantum Enhanced Classical Functionality]] [[Category:Specific Task]]

==Protocols==

*[[BB84 Quantum Key Distribution]]: [[:Category: Prepare and Measure Network Stage|Prepare and Measure Network Stage]] 
*[[Device Independent Quantum Key Distribution]]:[[:Category:Entanglement Distribution Network stage|Entanglement Distribution Network Stage]]
Device-Independent Quantum Key Distribution (DI-QKD) has better security guarantees than BB84 QKD.
 [[Category: Prepare and Measure Network Stage]] [[Category:Entanglement Distribution Network stage]]

==Properties==
A quantum key distribution protocol is secure if it is ''correct'' and ''secret''. Correctness is the statement that Sender and Receiver share the same string of bits, namely the secret key, at the end of the protocol. Secrecy is the statement that the eavesdropper is totally ignorant about the final key. 

*'''Correctness''' A QKD protocol is <math>\epsilon_{\rm corr}</math>-correct if the probability that the final key of Sender differs from the final key of Receiver, is smaller than <math>\epsilon_{\rm corr}</math>

*'''Secrecy''' A QKD protocol is <math>\epsilon_{\rm sec}</math>-secret if for every input state it holds that
<math> \frac{1}{2}{\|{\rho_{K_AE}}-{\tau_{K_A}\otimes \rho_E}\|}_1\leq \epsilon_{\rm sec},</math>
where <math>\tau_{K_A}=\frac{1}{|K_A|}\sum_{k}|{k}\rangle\langle{k}|_A</math> is the maximally mixed state in the space of strings <math>K_A</math>, and <math>{\|\cdot \|}_1</math> is the trace norm.

*A protocol implements a <math>(n,\epsilon_{\rm corr},\epsilon_{\rm sec},\ell)</math>-QKD if with <math>n</math> rounds it generates an <math>\epsilon_{\rm corr}</math>-correct and <math>\epsilon_{\rm sec}</math>-secret key of size <math>\ell</math> bits.

==Further Information==
The security definition presented here, are proven to be sufficient to guarantee universal composability for standard QKD in (2). For device-independent quantum key distribution, attacks presented in (1) show that security can be compromised if the same devices are used to implement another instance of the protocol.
#[https://arxiv.org/abs/1409.3525 PR (2014)] discusses security of various QKD schemes composed in other cryptographic protocols.
#[https://journals.aps.org/prl/abstract/10.1103/PhysRevLett.110.010503 BCK (2013)] Analyses device independent QKD


<div style='text-align: right;'>''*contributed by Bas Dirke, Victoria Lipinska, Glaucia Murta and Jeremy Ribeiro''</div>