Quantum Cryptography: Public Key Distribution and Coin Tossing (BB84)

The BB84 protocol is based upon the article, ‘Quantum Cryptography: Public Key Distribution and Coin Tossing’ by Charles Bennett and Gilles Brassard, which was published in 1984.

The following information has been extracted from parts I-III of the article.

Most digital communication channels can be either passively monitored or actively copied, whether or not the information is encrypted. If the information is encoded in non-orthogonal quantum states however, then the channel is in theory unable to be monitored or copied without the outside party having critical information on the formation of the transmission. If the outside party were to eavesdrop, this would cause the transmission to be altered in such a way that their presence would be discernible to the legitimate party that received the transmission.

Quantum coding then, can be used to enable secure distribution of key information between two parties that have no initial shared secret information. This however can only occur under the proviso that both parties have access to a quantum channel and an ordinary channel that may be susceptible to passive eavesdropping. This can be done with the use of polarized photons.

Polarized photons are created by polarizing a beam of light with polarizing equipment such as Polaroid filters or calcite crystals. Photons contain quantum mechanical properties, which results in the uncertainty principle constraining the measurements of a single photon to reveal a single bit in regards to its polarization state. Photons, however, will behave deterministically if the orientation of the photon is either parallel of perpendicular to the orientation of the filter. Parallel orientation results in complete transmission, and perpendicular orientation results in complete absorption. If the two axes of orientations are not perpendicular, then an incident photon of orientation α passing through a polarizer of orientation β will result in a transmitted photon of orientation β.  A photon can also not be cloned due to cloning being contradictory to the nature of quantum mechanics.

(This following paragraph contains mostly copied portions from the article as it involves their formalism in introducing quantum mechanics)
A photon is a sub-atomic particle that is subject to quantum effects. Quantum mechanics can be considered as the interpretation of photon’s state within a defined quantum system, which is a ‘vector, ψ, with the properties of being unit length in a linear space, Η, over field of complex numbers.’ This space is known as Hilbert space. For a Hilbert space, ‘each physical measurement, defined as M, upon the system corresponds to a resolution of its H space into orthogonal subspaces, one for each possible outcome of the measurement.’ For the system in a state, which is denoted by ψ, has a physical measurement, M, acted upon it, ‘its behavior is in general probabilistic: where outcome, k, occurs with a probability equal to: Probabilistic outcome of M_k and psiAfter the measurement, the system is left in a new state:Normalized unit vectorWhich is the normalized unit vector in the direction of the old state vector’s projection into the subspace M_k. This measurement has a deterministic outcome which leaves the state vector unmodified.’ The implies that the outcome of the physical measurement will always provide a unique outcome from the same set of input variables. In other words, this measurement can be considered as a 1-1 function.
‘The Hilbert space for a single polarized photon is two-dimensional, which implies that the state of the photon can be described as a linear combination of two unit vectors that represent horizontal and vertical polarization.’ These unit vectors are:
Horizontal and Vertical Unit Vectors‘A photon polarized at an angle, α, to the horizontal is described by the state vector (cosα, sinα).’ When the photon is subject to horizontal polarization, the photon has a probability of (cosα)^2 at becoming horizontal. This is similar for vertical polarization, where the photon has the probability of (sinα)^2 at becoming vertical. This implies that ‘the two orthogonal vectors r_V and r_H exemplify the resolution of a 2-dimensional Hilbert space into 2 orthogonal 1-dimensional subspaces.’
‘An alternative basis for the same Hilbert space can be considered with two diagonal basis vectors:
Diagonal Basis VectorsWhere d_1 represents a 45-degree photon, and d_2 represents a 135-degree photon.’

For non-quantum cryptography, a trapdoor function is used in a public key to initially encrypt a message between two parties in order to hinder any passive eavesdropping. For quantum cryptography, the public key is used to send a sequence of random bits between two parties, rather than a message. The two parties can communicate over a non-quantum channel and with high probability, determine whether the original transmission of random bits has been subject to eavesdropping. If the transmission has been subject to eavesdropping, the disrupted material can be disposed of, and the transmission attempt repeated until a sufficient number of random bits have been exchanged for them to use as a one-time pad. If the transmission has not been subject to eavesdropping, then the shared random bits can be used as a one-time pad to encrypt any further communications or other cryptographic purposes.

The transmission of the random bits through a quantum channel is as follows: Party A, or Alice, chooses a random bit string and a random sequence of polarization bases, that are either rectilinear or diagonal. Alice sends a train of photons to party B, or Bob, where each photon represents a single bit of the string in the basis chosen for that bit position. The photon is a binary zero if the polarization is horizontal or at 45-degrees, and is a binary one if the polarization is vertical or at 135 degrees. Once Bob has received the photons, he can either choose to measure the rectilinear or diagonal polarization of the photons. Bob’s measurements influence the result that he obtains from the polarized photons. As such, if he attempts to measure the rectilinear polarization of a diagonally polarized photon, or vice versa, the information is lost and he receives a non-deterministic result. This implies that Bob will only obtain meaningful results from half of the data. This percentage of meaningful results is an optimal proportion, as in reality, the use of imperfectly-efficient detectors would result in a reduction of photons received. Bob can communicate his results to Alice over a non-quantum encrypted channel that provides Bob and Alice with authentic and non-repudiable messages, but may be susceptible to passive eavesdropping.

Any eavesdropping on the quantum transmission can result in the diagonal and rectilinear photons becoming altered which will cause disagreements between Alice and Bob on bits that would have originally matched. ‘No measurement of a polarized photon during its transit, by an eavesdropper informed of the original basis, will yield more than 1/2 the expected bits of information about the key bit encoded on that photon.’ ‘Were the eavesdropper to measure and re-transmit all of the photons in the rectilinear basis, they would be able to learn the correct polarization of half of the photons and would induce disagreements in 1/4 of the photons that were re-measured in the original basis.’ The implications of this information is that Bob and Alice can publicly compare some of the bits that are likely to agree. If the bits do agree, then Alice and Bob can be confident that no eavesdropping has occurred. Although this method does reduce the secrecy of some of the bits, only a small portion of correctly received bits need to be used, which results in the remaining received bits staying secure.

The received bits can be used as a one-time pad for further secure communication between Bob and Alice over a public channel. The concern for the public channel to not be compromised by active eavesdropping is reduced if Wegman-Carter authentication tags are implemented through a previous agreement of a small secret key. The suggestion for the WC authentication method is due to the unlikely-hood of an eavesdropper, ignorant of the key, being able to reproduce a valid message-tag pair. The WC method also involves the gradual loss of bits which cannot be reused without compromising the security of the system. However, these bits can be replaced by new random bits that are transmitted through the quantum channel.

One of the important advantages of using quantum key distribution is that both Alice and Bob have a high probability of being able to discern whether their exchange is being eavesdropped, and hence, compromised.



Bennett and Brassard, (December 1984) Quantum Cryptography: Quantum Key Distribution and Coin Tossing. https://www.research.ibm.com/people/b/bennetc/bennettc198469790513.pdf

One thought on “Quantum Cryptography: Public Key Distribution and Coin Tossing (BB84)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s