Write, autoreview, editor, reviewer
3,129
edits
No edit summary |
|||
Line 1: | Line 1: | ||
The BB84 protocol implements the task of [[Quantum Key Distribution]] (QKD). The protocol enables two parties, | The BB84 protocol implements the task of [[Quantum Key Distribution]] (QKD). The protocol enables two parties, Sender and Receiver, to establish a classical secret key by preparing and measuring qubits. The output of the protocol is a classical secret key which is completely unknown to any third party, namely an eavesdropper. | ||
'''Tags:''' [[:Category:Two Party Protocols|Two Party]], [[:Category:Quantum Enhanced Classical Functionality|Quantum Enhanced Classical Functionality]], [[:Category:Specific Task|Specific Task]],[[Quantum Key Distribution]], [[Device Independent Quantum Key Distribution|Device Independent QKD]], [[Category:Multi Party Protocols]] [[Category:Quantum Enhanced Classical Functionality]][[Category:Specific Task]][[Category:Prepare and Measure Network Stage]] | '''Tags:''' [[:Category:Two Party Protocols|Two Party]], [[:Category:Quantum Enhanced Classical Functionality|Quantum Enhanced Classical Functionality]], [[:Category:Specific Task|Specific Task]],[[Quantum Key Distribution]], [[Device Independent Quantum Key Distribution|Device Independent QKD]], [[Category:Multi Party Protocols]] [[Category:Quantum Enhanced Classical Functionality]][[Category:Specific Task]][[Category:Prepare and Measure Network Stage]] | ||
Line 8: | Line 8: | ||
* We assume security from [[coherent attacks]] | * We assume security from [[coherent attacks]] | ||
==Outline== | ==Outline== | ||
The protocol shares a classical between two parties, sender | The protocol shares a classical between two parties, sender and receiver. | ||
The BB84 quantum key distribution protocol is composed by the following steps: | The BB84 quantum key distribution protocol is composed by the following steps: | ||
*'''Distribution:''' This step involves preparation, exchange and measurement of quantum states. For each round of the distribution phase, Sender randomly chooses a basis (a pair of orthogonal states) out of two available bases (X and Z). She then randomly chooses one of the two states and prepares the corresponding quantum state in the chosen basis. She sends the prepared state to | *'''Distribution:''' This step involves preparation, exchange and measurement of quantum states. For each round of the distribution phase, Sender randomly chooses a basis (a pair of orthogonal states) out of two available bases (X and Z). She then randomly chooses one of the two states and prepares the corresponding quantum state in the chosen basis. She sends the prepared state to Receiver. Upon receiving the state, Receiver announces that he received the state and randomly chooses to measure in the either of the two available bases (X or Z). The outcomes of the measurements give Receiver a string of classical bits. The two parties repeat the above procedure <math>n</math> times so that at the end of the distribution phase each of them holds an <math>n</math>-bit string. | ||
*'''Sifting:''' Both parties publicly announce their choices of basis and compare them. They discard the rounds in which Receiver measured in a different basis than the one prepared by Sender. | *'''Sifting:''' Both parties publicly announce their choices of basis and compare them. They discard the rounds in which Receiver measured in a different basis than the one prepared by Sender. | ||
*'''Parameter estimation:''' Both parties use a fraction of the remaining rounds (in which both measured in the same basis) in order to estimate the [[quantum bit error rate]] (QBER). | *'''Parameter estimation:''' Both parties use a fraction of the remaining rounds (in which both measured in the same basis) in order to estimate the [[quantum bit error rate]] (QBER). | ||
Line 33: | Line 33: | ||
**<math>Q_Z</math> is the quantum bit error rate QBER in the <math>Z</math> basis estimated prior to the protocol. | **<math>Q_Z</math> is the quantum bit error rate QBER in the <math>Z</math> basis estimated prior to the protocol. | ||
**<math>H</math> is the Hadamard gate. <math>H^{0} = I, H^{1} = H</math>. | **<math>H</math> is the Hadamard gate. <math>H^{0} = I, H^{1} = H</math>. | ||
**<math>\gamma</math> is the probability that | **<math>\gamma</math> is the probability that Sender (Receiver) prepares (measures) a qubit in the <math>X</math> basis. | ||
**<math>\epsilon_{\rm EC}</math>, <math>\epsilon'_{\rm EC}</math> are the error probabilities of the error correction protocol. | **<math>\epsilon_{\rm EC}</math>, <math>\epsilon'_{\rm EC}</math> are the error probabilities of the error correction protocol. | ||
**<math>\epsilon_{\rm PA}</math> is the error probability of the privacy amplification protocol. | **<math>\epsilon_{\rm PA}</math> is the error probability of the privacy amplification protocol. | ||
Line 49: | Line 49: | ||
and <math>h(\cdot)</math> is the [[binary entropy function]]. | and <math>h(\cdot)</math> is the [[binary entropy function]]. | ||
In the above equation for key length, the parameters <math>\epsilon_{\rm EC}</math> and <math>\epsilon'_{\rm EC}</math> are error probabilities of the classical error correction subroutine. At the end of the error correction step, if the protocol does not abort, then | In the above equation for key length, the parameters <math>\epsilon_{\rm EC}</math> and <math>\epsilon'_{\rm EC}</math> are error probabilities of the classical error correction subroutine. At the end of the error correction step, if the protocol does not abort, then Sender and Receiver share equal strings of bits with probability at least <math>1-\epsilon_{\rm EC}</math>. The parameter <math>\epsilon'_{\rm EC}</math> is related with the completeness of the error correction subroutine, namely that for an honest implementation, the error correction protocol aborts with probability at most <math>\epsilon'_{\rm EC}+\epsilon_{\rm EC}</math>. | ||
The parameter <math>\epsilon_{\rm PA}</math> is the error probability of the privacy amplification subroutine and <math>\epsilon_{\rm PE}</math> is the error probability of the parameter estimation subroutine used to estimate <math>Q_X</math>. | The parameter <math>\epsilon_{\rm PA}</math> is the error probability of the privacy amplification subroutine and <math>\epsilon_{\rm PE}</math> is the error probability of the parameter estimation subroutine used to estimate <math>Q_X</math>. | ||
(See [[Quantum Key Distribution]] for the precise security definition) | (See [[Quantum Key Distribution]] for the precise security definition) | ||
Line 59: | Line 59: | ||
#For i=1,2,...,n | #For i=1,2,...,n | ||
## Sender chooses random bits <math>X_i\epsilon\{0,1\}</math> and <math>A_i\epsilon_R\{0,1\}</math> such that <math>P(X_i=1)=\gamma</math> | ## Sender chooses random bits <math>X_i\epsilon\{0,1\}</math> and <math>A_i\epsilon_R\{0,1\}</math> such that <math>P(X_i=1)=\gamma</math> | ||
## Sender prepares <math>H^{X_i}|A_i\rangle</math> and sends it to | ## Sender prepares <math>H^{X_i}|A_i\rangle</math> and sends it to Receiver | ||
## Receiver announces receiving a state | ## Receiver announces receiving a state | ||
## Receiver chooses bit <math>Y_i\in_R\{0,1\}</math> such that <math>P(Y_i=1)=\gamma</math> | ## Receiver chooses bit <math>Y_i\in_R\{0,1\}</math> such that <math>P(Y_i=1)=\gamma</math> |