Quantum Key Distribution

Functionality

Quantum key distribution is a task that enables two parties, Alice and Bob, to establish a classical secret key by using quantum systems. A classical secret key is a random string of bits known to only Alice and Bob, and completely unknown to any third party, namely an eavesdropper. Such a secret key can for example be used to encrypt a classical message sent over a public channel.

Tags: Two Party, Quantum Enhanced Classical Functionality, Specific Task, unconditional security (information theoretical security), random number generator, key generation,,

Protocols

• BB84 Quantum Key Distribution requires 2 preparation and measurement bases
• Six State Quantum Key Distribution requires 3 preparation and measurement bases instead of 2 for BB84, but the Six-state protocol tolerates more noise than the BB84 protocol.
• Device-Independent Quantum Key Distribution requires a the higher entanglement distribution network stage, but has better security guarantees than the prepare and measure protocols.

Properties

A quantum key distribution protocol is secure if it is correct and secret. Correctness is the statement that Alice and Bob share the same string of bits, namely the secret key, at the end of the protocol. Secrecy is the statement that the eavesdropper is totally ignorant about the final key.

• Correctness A QKD protocol is ${\displaystyle \epsilon _{\rm {corr}}}$-correct if the probability that the final key of Alice differs from the final key of Bob, is smaller than ${\displaystyle \epsilon _{\rm {corr}}}$

• Secrecy A QKD protocol is ${\displaystyle \epsilon _{\rm {sec}}}$-secret if for every input state it holds that

${\displaystyle {\frac {1}{2}}{\|{\rho _{K_{A}E}}-{\tau _{K_{A}}\otimes \rho _{E}}\|}_{1}\leq \epsilon _{\rm {sec}},}$ where Failed to parse (unknown function "\ketbra"): {\displaystyle \tau_{K_A}=\frac{1}{|K_A|}\sum_{k}\ketbra{k}{k}_A} is the maximally mixed state in the space of strings ${\displaystyle K_{A}}$, and ${\displaystyle {\|\cdot \|}_{1}}$ is the trace norm.

• A protocol implements a ${\displaystyle (n,\epsilon _{\rm {corr}},\epsilon _{\rm {sec}},\ell )}$-QKD if with ${\displaystyle n}$ rounds it generates an ${\displaystyle \epsilon _{\rm {corr}}}$-correct and ${\displaystyle \epsilon _{\rm {sec}}}$-secret key of size ${\displaystyle \ell }$ bits.

Discussion

1. BCK (2013) Analyses device independent QKD
2. PR (2014) discusses security of various QKD schemes composed in other cryptographic protocols.