Here is another variant of the QKD protocol, due to Ekert [32], which
makes use of correlated quantum pairs as a resource shared between Alice
and Bob. For each key, Bob generates entangled photons and sends one to
Alice.
2
Locally each performs a measurement randomly, according to random
bit strings m
A
and m
B
respectively, in the or the H basis. These bit strings
2
It doesn’t matter who generates the pair. It could also be generated by a third party
and sent to both of them. The quantum channel is used for this purpose.
Information and Communication 193
are shared over a public channel, and Alice and Bob compare them to see
which bits match. The measured values of those bit positions are retained as
the shared key.
The point is that when m
A
and m
B
match, the measurement results,
though random, are perfectly correlated, while when they don’t match, Alice
and Bob get the same result only 50% of the time.
The drawback of this scheme is that Alice and Bob would have to verify
that their photons retained their entanglement when the key was being gen-
erated. To do this, they would have to perform an additional exercise of, say
making sure Bell’s inequality was violated. (For instance, each of them could
measure their photons in three different bases and share the values.)
Example 9.4.3. An example of the entangled QKD scheme: suppose Alice
and Bob share a huge supply of qubits in the state |β
00
i.
Index 1 2 3 4 5 6 7 8 9 10 11 12
m
A
0 1 0 1 0 0 0 1 1 1 0 0
m
B
1 1 1 0 1 0 1 0 0 0 1 0
K 0 0 1
The presence of an eavesdropper Eve is detected the same way as for the
BB84 scheme. The list of possible secure key-distribution schemes is quite
long, and you are invited to contribute to it!
9.5 Information Reconciliation and Privacy Amplifica-
tion
The sifting procedure in QKD protocols is to ensure the degree of security
of the channel. The presence of an eavesdropper is detected by errors above
a certain tolerance margin, say 20%. However, natural errors in the channel
could also cause discrepancies in the shared key. To remove these, and to
ensure further security on the shared key, two classical procedures known as
information reconciliation (a form of error correction) and privacy amplifica-
tion are carried out.
The basic idea of information reconciliation is to perform a parity check on
a subset of the key, compare, and correct. At the two-bit level, parity is just
an XOR. So Alice could randomly select two bits out of k
A
, announce their
positions and XOR to Bob. He then compares the parity of the same bits in
k
B
. If they do not match these bits are discarded. If they do then they decide
194 Introduction to Quantum Physics and Information Processing
to discard the second bit. This ensures that Eve does not learn anything more
about their key from their discussion.
The more sophisticated version generalizes this process, as first described
in 1992 by Bennett et al. [8]. They proceed in several iterations of essentially
the same process, but first dividing their keys into predetermined blocks and
checking the parity of the block. If the parity doesn’t match then they re-
cursively bisect their blocks to detect the location of the error and discard
it. To ensure that Eve doesn’t learn anything more from their parity discus-
sions (which happen in public), they discard the last bit of each block whose
parity is disclosed. This process is repeated many times with increasing block
sizes, until eventually the two keys are ensured to be reconciled with a large
probability.
At the end of information reconciliation, Alice and Bob have identical
keys but whose privacy has been compromised by all the public discussions.
To undo this effect, they resort to privacy amplification. To do this they select
something called a universal hash function to encode their strings. There are
many such functions that provide various bounds for the amount of informa-
tion Eve can gain. One such is to select random subsets of their strings and
to retain their parity bits for a new key.
In any case, both these steps amount to classical error correction and
coding, and will not be dealt with at greater depth in this book.
It is clear from this discussion that depending on the degree of privacy
they choose to have, the initial string length must be fairly large, of the order
of 4 times the length of the desired key.
Problems
9.1. How would the teleportation protocol change if the entangled state shared
by Alice and Bob was any of the other Bell states: |β
01
i, |β
10
i, or |β
11
i?
9.2. Consider the teleportation protocol, and suppose that the unknown qubit
with Alice is entangled with another qubit in the possession of a third party,
Charlie. Show how the protocol teleports the entanglement as well, i.e., at
the end of the protocol, Bob’s qubit is entangled with Charlie’s.
9.3. Formulate the matrix equivalent of the dense coding protocol and show that
it is unitary.
9.4. Analyzing the BB84 more thoroughly, consider that Eve measures every
photon sent by Alice, in the or H basis according to a random string m
e
.
Problems 195
Suppose Alice and Bob now announce m bits out of their shared set. What
is the probability that no error will be found? What fraction of Eve’s bits
would match with Alice’s and Bob’s? Would the public discussion between
Alice and Bob help Eve at all?
9.5. At one point in history, it was suggested that Eve might benefit by measuring
in a basis intermediate between the and H:
|0
e
i = cos
π
8
|0i + sin
π
8
|1i (9.10)
|1
e
i = sin
π
8
|0i − cos
π
8
|1i (9.11)
What is the probability that any one measurement by Eve gives the correct
result? If she prepares and then transmits photons in this basis to Bob, what
is the probability that Bob’s string has an error?
9.6. Suppose Alice prepares two qubits in the entangled state
1
√
2
[|01i − |10i]
and sends one qubit to Bob. Suppose that Eve intercepts and measures
that qubit, and then based on the outcome, prepares and sends a photon
to Bob. What can you say about the correlation between the qubits with
Alice and Bob
Leave a Reply