Friday 13 March 2020

On the security of quantum key distribution protocols

In an earlier post, we described the BB84 protocol, which allows two parties, say Alice and Bob, to share a secret bit string (called a key) using quantum states.

The protocol works because it uses a set of quantum states that cannot be fully distinguished from each other. Still, you may ask why would this be enough? If we run the protocol, how do we know that the keys the Alice and Bob get are indeed identical and private?

This means we must show that Alice's key is the same as Bob's key, and that any outside party, say Eve, cannot have too much knowledge about either key. That is exactly what we would need to do to prove the security of a quantum key distribution (QKD) protocol.

We say that a QKD protocol is secure if it produces a correct and secret key. A key is correct if Alice and Bob obtain precisely the same bit string. A key is secret if given a set of $N$ possible keys, the probability that Alice and Bob get any particular key is $\frac{1}{N}$. In other words, the key is uniformly distributed.