BB84

In the BB84 scheme, Alice wishes to send a private key to Bob. She begins with two strings of bits, ${\displaystyle a}$ and ${\displaystyle b}$, each ${\displaystyle n}$ bits long. She then encodes these two strings as a tensor product of ${\displaystyle n}$ qubits:

${\displaystyle |\psi \rangle =\bigotimes _{i=1}^{n}|\psi _{a_{i}b_{i}}\rangle ,}$

where ${\displaystyle a_{i}}$ and ${\displaystyle b_{i}}$ are the ${\displaystyle i}$-th bits of ${\displaystyle a}$ and ${\displaystyle b}$ respectively. Together, ${\displaystyle a_{i}b_{i}}$ give us an index into the following four qubit states:

${\displaystyle |\psi _{00}\rangle =|0\rangle ,}$

${\displaystyle |\psi _{10}\rangle =|1\rangle ,}$

${\displaystyle |\psi _{01}\rangle =|+\rangle ={\frac {1}{\sqrt {2}}}|0\rangle +{\frac {1}{\sqrt {2}}}|1\rangle ,}$

${\displaystyle |\psi _{11}\rangle =|-\rangle ={\frac {1}{\sqrt {2}}}|0\rangle -{\frac {1}{\sqrt {2}}}|1\rangle .}$

Note that the bit ${\displaystyle b_{i}}$ is what decides which basis ${\displaystyle a_{i}}$ is encoded in (either in the computational basis or the Hadamard basis). The qubits are now in states that are not mutually orthogonal, and thus it is impossible to distinguish all of them with certainty without knowing ${\displaystyle b}$.

Alice sends ${\displaystyle |\psi \rangle }$ over a public and authenticated quantum channel ${\displaystyle {\mathcal {E}}}$ to Bob. Bob receives a state ${\displaystyle {\mathcal {E}}(\rho )={\mathcal {E}}(|\psi \rangle \langle \psi |)}$, where ${\displaystyle {\mathcal {E}}}$ represents both the effects of noise in the channel and eavesdropping by a third party we'll call Eve. After Bob receives the string of qubits, all three parties, namely Alice, Bob and Eve, have their own states. However, since only Alice knows ${\displaystyle b}$, it makes it virtually impossible for either Bob or Eve to distinguish the states of the qubits. Also, after Bob has received the qubits, we know that Eve cannot be in possession of a copy of the qubits sent to Bob, by the no-cloning theorem, unless she has made measurements. Her measurements, however, risk disturbing a particular qubit with probability ½ if she guesses the wrong basis.

Bob proceeds to generate a string of random bits ${\displaystyle b'}$ of the same length as ${\displaystyle b}$ and then measures the string he has received from Alice, ${\displaystyle a'}$. At this point, Bob announces publicly that he has received Alice's transmission. Alice then knows she can now safely announce ${\displaystyle b}$. Bob communicates over a public channel with Alice to determine which ${\displaystyle b_{i}}$ and ${\displaystyle b'_{i}}$ are not equal. Both Alice and Bob now discard the qubits in ${\displaystyle a}$ and ${\displaystyle a'}$ where ${\displaystyle b}$ and ${\displaystyle b'}$ do not match.

From the remaining ${\displaystyle k}$ bits where both Alice and Bob measured in the same basis, Alice randomly chooses ${\displaystyle k/2}$ bits and discloses her choices over the public channel. Both Alice and Bob announce these bits publicly and run a check to see whether more than a certain number of them agree. If this check passes, Alice and Bob proceed to use information reconciliation and privacy amplification techniques to create some number of shared secret keys. Otherwise, they cancel and start over.

One practical implementation consists in the transmission of 0°, 90°, 45° and 135° linear polarizations by Alice over optical fiber. This is possible by polarization scrambling or polarization modulation. At the receive end, the four polarizations will usually appear changed, due to fiber birefringence. Before they can be analyzed by Bob they must be transformed back into the original coordinate system by a suitable polarization controller. Here not only an arbitrary polarization is to be transformed into a desired one (0°) but also the phase shift between this polarization (0°) and its orthogonal (90°) is to be controlled. Such a polarization controller must have three degrees of freedom. An implementation with a tracking speed of 20 krad/s on the Poincare sphere is described in [6][7]. This way the whole normalized Stokes space is stabilized, i.e. the Poincare sphere rotation by fiber birefringence is undone.

• SARG04
• E91 – quantum cryptographic communication protocol