Quantum key distribution allows Alice and Bob to securely share a secret key using quantum properties of photons. In the BB84 protocol, Alice randomly encodes photons in one of two bases and sends them to Bob. Bob measures in a randomly chosen basis. They discard mismatched results and use the remaining bits as a secure key. An eavesdropper like Eve cannot intercept the photons without introducing errors, revealing her presence. This allows Alice and Bob to detect eavesdropping and ensure the secrecy of their shared key.

1. 1
1. INTRODUCTION
As already mentioned, quantum key distribution (QKD) is a technique that allows
two parties, conventionally called Alice and Bob, to share a common secret key for
cryptographic purposes. Quantum key distribution requires a transmission channel on
which quantum carriers are transmitted from Alice to Bob. In theory, any particle obeying
the laws of quantum mechanics can be used. In practice, however, the quantum carriers are
usually photons, the elementary particle of light, while the channel may be an
optical fiber (e.g., for telecommunication networks). To ensure the confidentiality of
communications, Alice and Bob agree on a common, yet secret, piece of information called
a key. Encryption is performed by combining the message with the key in such a way that
the result is incomprehensible by an observer who does not know the key. The recipient of
the message uses his copy of the key to decrypt the message. But how is the confidentiality
of the key ensured? The laws of quantum mechanics have strange properties, with the nice
consequence of making the eavesdropping detectable. If an eavesdropper, conventionally
called Eve, tries to determine the key, she will be detected. The legitimate parties will then
discard the key, while no confidential information has been transmitted yet. If, on the other
hand, no tapping is detected, the secrecy of the distributed key is guaranteed.
To understand the topic thoroughly the following topics are covered in detail in
this presentation.
• Basics of Quantum Computing
• Need for Quantum Cryptography
• Implementation of Quantum Cryptography
• Quantum Key Distribution protocol BB84
• BB84 with Eavesdropping
• Research and Innovation

2. 2
2. BASICS OF QUANTUM COMPUTING
In quantum information theory, the unit of information is the qubit , the quantum
equivalent of a bit. Examples of physical systems corresponding to a qubit are the spin of
an electron or the polarization of a photon. More precisely, a qubit is described by two
complex numbers and belongs to the set {α|0> + β|1> : |α|2 + |β|2 = 1, α, β ∈ C}, with |0>
and |1> two reference qubits, corresponding to two orthogonal states in a quantum system.
The qubits |0> (α = 1, β = 0) and |1> (α = 0, β = 1) may be thought of as the quantum
equivalent of the bits 0 and 1, respectively. For other values of α and β, we say that the
qubit contains a superposition of |0> and |1>. For instance, the qubits 2−1/2|0> + 2−1/2|1>
and sin π/6|0> +i cos π/6|1> are both superpositions of |0> and |1>, albeit different ones.
The bit 0 can be encoded with either |0> or |+i = 2−1/2|0> + 2−1/2|1>. The bit 1 can be
encoded with either |1> or |−i = 2−1/2|0> − 2−1/2|1> .
To summarise
• Quantum computers use quantum bits (QUBITS) whereas classical computers use bits.
• n bits can represent only one state from 2n
possible states
• n qubits can represent 2n
quantum states simultaneously
• A single qubit can represent 1 or 0 like a bit

3. 3
3. NEED FOR QUANTUM CRYPTOGRAPHY
The power of the security of todays cryptosystems is based on algorithmic
complexity; it is difficult in practice to deduce the secret key from the public key in a
reasonable delay. Many cryptographic schemes in use today would be broken with either
unanticipated advances in hardware and algorithm of the advent of quantum computers.
Another disadvantage of cryptosystems that rely on classical computers is that the bits in
classical cryptography can be copied anonymously. There is an advanced quantum
algorithm called Shor’s algorithm proposed by the computer scientist Peter Shor. Shor’s
algorithm, if implemented properly using a quantum computer can break almost any
current cryptosystems in a reasonable time. Many rival nations and organizations already
have a large amount of encrypted secret data. These secrets cannot remain as secrets forever
as it can be decrypted using a quantum computer. Organizations like NASA, Google, and
the Universities Space Research Association (USRA) have already set up a Quantum
Artificial Intelligence Lab (QuAIL) which can pursue such missions.
Quantum computers are now commercially available. A quantum computer
manufacturing company named D-Wave has released two versions of their quantum
computer series, namely D-Wave One and D-Wave Two. So quantum cryptography is
highly significant for an alternate way of encryption.
Figure 1: D-Wave Two

4. 4
4. IMPLEMENTATION OF QUANTUM CRYPTOGRAPHY
In practice, however, the quantum carriers are usually photons, the elementary
particle of light, while the channel may be an optical fiber (e.g., for telecommunication
networks) or the open air (e.g., for satellite communications or through lasers) .The
classical channel is also used to verify the authenticity and preserve confidentiality of the
keys generated.

5. 5
5. QUANTUM KEY DISTRIBUTION PROTOCOL – BB84
BB84 protocol was proposed by computer scientists Bennett and Brassard. BB84
keeps a privileged place in the list of existing protocols: it is the one most analysed and
most often implemented, including those used in commercial products.
5.1 PHOTON POLARISATION
It uses the idea of Photon polarization. Photons are used to represent single qubits
(1,0). The encoding of the qubit can be done in the polarization of the photon or in its phase.
While phase encoding is usually preferred for photons traveling in an optical fiber,
polarization coding is the option of choice for the open air. The unpolarised photon is
passed through a polarisation filter which has two modes namely rectilinear polarisation
(+) and diagonal polarisation (x) . Both modes can be used to generate both one and zero
qubit which is distinct in nature by their polarisations.
Figure 2: Rectilinear and Diagonal polarisation mode

6. 6
5.2 DESCRIPTION
Alice chooses binary key elements randomly and independently, denoted by the
random variable X ∈ X = {0, 1}. In this protocol, there are two encoding rules, numbered
by i ∈ {1, 2}. Alice randomly and independently chooses which encoding rule she uses for
each key element.
• In case 1, Alice prepares a qubit from the basis {|0>, |1>} as
X → |Xi.
• In case 2, Alice prepares a qubit from the basis {|+i, |−i} as
X → 2−1/2(|0> + (−1)X|1>).
On his side, Bob measures either Z or X, yielding the result YZ or YX, choosing at
random which observable he measures. After sending a predefined number of qubits, Alice
reveals to Bob the encoding rule for each of them. They proceed with sifting, that is, they
discard the key elements for which Alice used case 1 (or case 2) and Bob measured Z (or
X). For the remaining (sifted) key elements, we denote Bob’s sifted measurements by Y
.From an observer’s point of view, the mixed states that Alice sends in case 1 and in case
2 are indistinguishable, i.e., 1/2|0>h0| +1/2|1>h1| =1/2|+ih+| +1/2|−ih−| =I/2. As a
consequence, Eve cannot obtain any indication as to whether she is measuring a case 1 or
case 2 qubit, whatever the statistics she accumulates.

7. 7
6 . STEPS IN BB84 PROTOCOL
• Step 1 : Sender transmits a random sequence of 1’s and 0’s ( bits),which is converted into
photon states by randomly using rectilinear and diagonal polarisation schemes .
• Step 2 : Receiver randomly interprets the photon states by randomly using his rectilinear
and diagonal detectors
• Step 3 : Receiver sends information about sequence of detectors used randomly over a
classical channel.
• Step 4 : Sender in return tells the matching polarisation scheme guessed by receiver.
• Step 5 : Sender and receiver eliminates the unmatched interpretations and use the remaining
binary equivalent as the key.

8. 8
7. BB84 AND EAVESDROPPING
Imagine that Alice wants to send Bob an encrypted message, which consists of a
series of 1’s and 0’s. She represents the 1’s and 0’s by sending photons with certain
polarizations. Alice has two possible schemes for associating photon polarizations with 1
or 0. In the first scheme, called the rectilinear or +-scheme, she sends to represent 1, and to
represent 0. In the other scheme, called the diagonal or ×-scheme, she sends to represent 1,
and to represent 0. To send a binary message, she switches between these two schemes in
an unpredictable way. Alice transmits the first 1 using the +-scheme, and the second 1 using
the ×-scheme. Hence, 1 is being transmitted in both cases, but it is represented by
differently polarized photons each time.
If Eve wants to intercept this message, she needs to identify the polarization of each
photon. To measure the polarization of each photon Eve must decide how to orient her
Polaroid filter as each one approaches. She cannot know for sure which scheme Alice will
be using for each photon, so her choice of Polaroid filter will be haphazard and wrong half
the time. Hence, she cannot have complete knowledge of the transmission.
An easier way to think of Eve’s dilemma is to pretend that she has two types of
Polaroid detector at her disposal. The +-detector is capable of measuring horizontally and
vertically polarized photons with perfect accuracy, but is not capable of measuring
diagonally polarized photons with certainty, and merely misinterprets them as vertically or
horizontally polarized photons. On the other hand, the ×-detector can measure diagonally
polarized photons with perfect accuracy, but cannot measure horizontally and vertically
polarized photons with certainty, misinterpreting them as diagonally polarized photons. For
example, if she uses the ×-detector to measure the first photon, which is
, she will misinterpret it as
or
. If she misinterprets it as

9. 9
, then she does not have a problem, because this also represents 1, but if she misinterprets
it as
then she is in trouble, because this represents 0. To make matters worse for Eve, she
only gets one chance to measure the photon accurately. A photon is indivisible, and so she
cannot split it into two photons and measure it using both schemes.
This system seems to have some pleasant features. Eve cannot be sure of accurately
intercepting the encrypted message, so she has no hope of deciphering it. However, the
system suffers from a severe problem-Bob is in the same position as Eve, inasmuch as he
has no way of knowing which polarization scheme Alice is using for each photon, so he
too will misinterpret the message. The obvious solution to the problem is for Alice and Bob
to agree on which polarization scheme they will use for each photon. For the example
above, Alice and Bob would share a list, or key, that reads + × + × × × + + × ×. Alice has
to get the list of polarization schemes securely to Bob. Alice could encrypt the list of
schemes by employing a public key cipher such as RSA, and then transmit it to Bob.
Figure 3 : BB84 Working with Eavesdropping

10. 10
Quantum cryptography requires three preparatory stages. Although these stages do
not involve sending an encrypted message, they do allow the secure exchange of a key
which can later be used to encrypt a message.
Stage 1. Alice begins by transmitting a random sequence of 1’s and 0’s (bits), using
a random choice of rectilinear (horizontal and vertical) and diagonal polarization schemes.
Stage 2. Bob has to measure the polarization of these photons. Since he has no idea
what polarization scheme Alice has used for each one, he randomly swaps between his +-
detector and his ×-detector. Sometimes Bob picks the correct detector, and sometimes he
picks the wrong one. If Bob uses the wrong detector he may well misinterpret Alice’s
photon. For example, in the top line, Alice uses the rectilinear scheme to send 1, and thus
transmits ↕; then Bob uses the correct detector, so he detects ↕, and correctly notes down 1
as the first bit of the sequence. In the next line, Alice does the same thing, but Bob uses the
incorrect detector, so he might detect or which means that he might correctly note down 1
or incorrectly note down 0.
Stage 3. At this point, Alice has sent a series of 1’s and 0’s and Bob has detected
some of them correctly and some of them incorrectly. To clarify the situation, Alice then
telephones Bob on an ordinary insecure line, and tells Bob which polarization scheme she
used for each photon-but not how she polarized each photon. So she might say that the first
photon was sent using the rectilinear scheme, but she will not say whether she sent or Bob
then tells Alice on which occasions he guessed the correct polarization scheme. On these
occasions he definitely measured the correct polarization and correctly noted down 1 or 0.
Finally, Alice and Bob ignore all the photons for which Bob used the wrong scheme, and
concentrate only on those for which he guessed the right scheme. In effect, they have
generated a new shorter sequence of bits, consisting only of Bob’s correct measurements.
Each 1 and each 0 is represented by a polarized photon, according to either the
rectilinear (horizontal/vertical) or diagonal polarization scheme. Bob measures each
photon using either his rectilinear or his diagonal detector. He chooses the correct detector
for the leftmost photon and correctly interprets it as 1. However, he chooses the incorrect
detector for the next photon. He happens to interpret it correctly as 0, but this bit is
nevertheless later discarded because Bob cannot be sure that he has measured it correctly.
These three stages have allowed Alice and Bob to establish a common series of
digits, such as the sequence 11001001 agreed in Figure 76. The crucial property of this

11. 11
sequence is that it is random, because it is derived from Alice’s initial sequence, which was
itself random. Furthermore, the occasions when Bob uses the correct detector are also
random. The agreed sequence does not therefore constitute a message, but it could act as a
random key. At last, the actual process of secure encryption can begin.
This agreed random sequence can be used as the key for a onetime pad cipher. Alice
and Bob have agreed on a onetime pad, and the laws of quantum physics actually forbid
Eve from successfully intercepting it. It is now time to put ourselves in Eve’s position, and
then we will see why she is unable to intercept the key. As Alice transmits the polarized
photons, Eve attempts to measure them, but she does not know whether to use the +-
detector or the ×-detector. On half the occasions she will choose the wrong detector. This
is exactly the same position that Bob is in, because he too picks the wrong detector half the
time. However, after the transmission Alice tells Bob which scheme he should have used
for each photon and they agree to use only the photons which were measured when Bob
used the right detector. However, this does not help Eve, because for half these photons
she will have measured them using the incorrect detector, and so will have misinterpreted
some of the photons that make up the final key.
7.1 FINAL PROCESSING
• Retained bit sequence (KEY) : 001110010100110
• Confirms some randomly chosen bit values over classical channel like Internet or
telephone : 001110010100110
If no eavesdropping happened, the values will be same for both Alice and Bob. Then
they drop the confirmed bits and uses the rest as
FINAL KEY: 01100101010
Else if any mismatch occurs, eavesdropping is confirmed and current key generation is
cancelled.

12. 12
8. RESEARCH AND INNOVATION
 A team of researchers from Google and University of California have introduced advanced
qubit correction mechanism.
 Tokyo Quantum Key Distribution Network deployed in October 2010
 Toshiba Quantum Key Distribution Network deployed exceeding 100 km in length
 Swiss Quantum Key Distribution Network in Geneva metropolitan area
 QC based voting machine developed by Id Quantique, is used in the Swiss canton of
Geneva during the October 2007 parliamentary elections.

13. 13
9. CONCLUSION
Quantum cryptography (or quantum key distribution) is a state-of-the-art technique
that exploits the properties of quantum mechanics to guarantee the secure exchange of
secret keys. QKD offers unconditionally secure communication based on quantum
mechanics. Quantum Cryptography has been proven secure even against the most general
attack allowed by the laws of physics and is a promising technology for adoption in realistic
cryptographic applications

14. 14
10. REFERENCES
1. C. H. Bennett, G. Brassard and A. K. Ekert, Quantum cryptography, Sci.Am. 267, 50–
57 (1992).
2. M. Ben-Or, M. Horodecki, D. W. Leung, D. Mayers and J. Oppenheim, The universal
composable security of quantum key distribution, Proc. Second Theory of Cryptography
Conf. (TCC), 386–406 (2005)
3. R. All´eaume, F. Treussart, G. Messin et al., Experimental open-air quantum key
distribution with a single-photon source, New J. Phys. 6, 92 (2004)
4. K. Bencheikh, T. Symul, A. Jankovic and J.-A. Levenson, Quantum key distribution
with continuous variables, J. Mod. Opt. 48, 1903–1920 (2001).
5. C. H. Bennett, Quantum cryptography using any two non-orthogonal states,Phys. Rev.
Lett. 68, 3121–3124 (1992).
6. W. T. Buttler, S. K. Lamoreaux, J. R. Torgerson et al., Fast, efficient error reconciliation
for quantum cryptography, Phys. Rev. A 67, 052303 (2003).
7. R. Calderbank and P. W. Shor, Good quantum error-correcting codes exist, Phys. Rev.
A 54, 1098–1105 (1996).