Articles | QC@B

BB84 Encryption Protocol

March 26, 2019

In this article we will be talking about the first quantum cryptography protocol ever developed, BB84. Named after its inventors—Charles Bennett and Gilles Brassard—and the year of its invention, 1984, BB84 is a protocol to establish a secret key between 2 parties, generally known as Alice and Bob. The protocol enables Alice and Bob to know with high confidence whether the key they generated is secure or not; however, it does not guarantee that they will successfully establish a key. Once the secret key is established, it can be used between Alice and Bob as a one-time pad for secure communication. The procedure is described as follows. Suppose Alice and Bob are connected by two public channels: a bidirectional classical channel (they have each others phone numbers, for example) and a unidirectional quantum channel, meaning that Alice can send single qubits to Bob but not the other way around. We assume that Eve, our eavesdropper, has access to both channels. The process of generating a secret key begins with Alice generating a random sequence of classical bits, a subset of which will eventually be our secret key, as we will see. Alice then randomly encodes each bit of the random bit string in one of two agreed-upon bases: the standard basis or the Hadamard basis. As a reminder, the basis vectors in the Hadamard basis is an equal superposition between the two basis states in the standard basis, shown below.

|+⟩ = ¹⁄_√2 (|0⟩ + |1⟩)
|−⟩ = ¹⁄_√2 (|0⟩ − |1⟩)

To illustrate explicitly, Alice encodes a 0 in either a qubit of state |0⟩ or |+⟩, and a 1 in either |1⟩ or |−⟩. She then sends the qubits to Bob. For every qubit that Bob receives, he randomly picks either basis to measure in. And then over the classical channel (they give each other a call, for example), Bob checks that he received every qubit that Alice sent. Once they make sure that they didnt lose any qubits, they tell each other the basis they used for encoding and decoding the qubits. If there were no eavesdropper, Bobs measurement outcome of a qubit would be exactly the same as what Alice sent if they chose the same basis. If he had chosen a different basis, the measurement would agree with a probability of 50 percent. Since theres no way of knowing which of those 50% agree and which ones disagree without revealing the bits themselves, Alice and Bob simply discards the qubits in which they measured in different bases.

To find out if Eve has compromised their communications, Alice and Bob would choose a subset of the remaining qubits, the ones where they used the same bases, and compare their values. Depending on how confident they want to be, they can choose to compare a bigger or smaller subset of the qubits. If any of the bit values within the subset differ, then they can conclude with certainty that the qubits had been tampered with on the way from Alice to Bob, and thus they will discard the whole string of qubits and restart the process. If none of the bit values differ, then they can be reasonably confident that their secret key is indeed secret.

Let's analyze why exactly this scheme is secure. First, notice that Eve cannot gain any information by just eavesdropping on the classical channel, because Alice and Bob only communicate the basis in which they measured the qubits, and not the bit values themselves. So Eve must intercept the qubits between Alice and Bob. To gain information, she must measure the qubit. However, she does not know which basis to measure in, since Alice and Bob exchanges that information after they confirmed with each other that all the qubits have been transmitted successfully. This means that unfortunately for Eve, she must randomly choose a basis to measure in, and theres only a 50 percent chance that she chooses the correct one. Furthermore, after her measurement, she must send the qubit on along to Bob. If she had measured in the wrong basis, the qubit she transmits will likely be in a different state than Alices original encoding basis. This means that even if Bob measures the qubit in the same basis as Alice, he will only get the same bit value half of the time. Hence, in the last step of the process, when Alice and Bob are comparing a subset of the qubits that they retained, on each qubit Bob has a 25% chance of measuring a different bit value than what Eve sent. In addition, on average, 25% of Eves secret key will be different than Alices intended secret key.

Overall, this scheme is secure because of the fact that measuring a quantum state alters the state to the measurement outcome. This means that Eves presence as an eavesdropper inevitably changes the communication between Alice and Bob, and that change can be detected with a large probability if Alice and Bob compares enough qubits.