QKD Security Framework
QKD provides information-theoretic security guaranteed by quantum mechanics. The security relies on:
- No-cloning theorem: eavesdropper cannot copy quantum states
- Measurement disturbance: measuring in the wrong basis introduces errors
The final secret key rate for BB84:
where is the error rate, is the binary entropy function, and is the error correction efficiency.
BB84 Protocol (Detailed)
Encoding:
| Bit | Z-basis | X-basis |
|---|---|---|
| 0 | 0rangle | |
| 1 | 1rangle |
Steps:
- Alice sends qubits with random bit and basis choices
- Bob measures each qubit in a random basis
- Public basis reconciliation: keep only matching-basis rounds
- Sifted key: approximately bits remain
- Parameter estimation: publicly compare subset to estimate error rate
- Error correction: reconcile errors (e.g., Cascade protocol)
- Privacy amplification: compress to final key
E91 Protocol
The E91 protocol uses entanglement and Bell's inequality:
- Source produces Bell pairs
- Alice and Bob measure in randomly chosen bases
- Key generation: same-basis measurements
- Security check: different-basis measurements test Bell's inequality
The CHSH parameter:
If , Bell inequality is violated, confirming security.
Device-Independent QKD
DI-QKD provides security even when devices are untrusted:
- Security relies only on the observed Bell violation
- No assumptions about the internal workings of devices
- The Bell violation certifies the presence of entanglement
DI-QKD requires high-efficiency detectors (>82% for CHSW), low-loss channels, and high-rate sources.
Continuous-Variable QKD
CV-QKD uses quadratures of light instead of photon polarization:
- GG02 protocol: uses coherent states and homodyne detection
- Advantages: compatible with standard telecom components
- Disadvantages: limited range, lower key rates at long distances
The secret key rate:
where is the reconciliation efficiency.
QKD Networks
Practical QKD networks require:
- Trusted nodes: intermediate stations where keys are relayed
- Quantum repeaters: enable long-distance entanglement (not yet practical)
- Key management: key storage, distribution, and refresh
The Tokyo QKD Network and Beijing-Shanghai backbone demonstrate metropolitan and inter-city QKD.
Python: QKD Security Analysis
import numpy as np
def bb84_key_rate(n, error_rate, efficiency=0.95):
def h(x):
if x <= 0 or x >= 1: return 0
return -x * np.log2(x) - (1-x) * np.log2(1-x)
e = error_rate
rate = 1 - h(e) - efficiency * h(e)
return max(0, rate) * n
n = 1000000
for e in [0.01, 0.05, 0.11, 0.15]:
rate = bb84_key_rate(n, e)
print(f"QBER={e:.2f}: {rate:.0f} bits ({100*rate/n:.1f}%)")
correlations = [1, -1, -1, 1]
S = abs(correlations[0] - correlations[1] + correlations[2] + correlations[3])
print(f"CHSH: S = {S:.3f} (max = {2*np.sqrt(2):.3f})")
QKD Protocol Comparison
| Protocol | Basis | Key Generation | Security Proof |
|---|---|---|---|
| BB84 | Discrete | Sifting + error correction | Individual attacks |
| E91 | Entanglement | Bell inequality | Collective attacks |
| B92 | 2 states | Direct | Individual attacks |
| SARG04 | Discrete | Improved sifting | Collective attacks |
| CV-QKD | Continuous | Homodyne detection | Collective attacks |