Talk:BB84

This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Cryptography: Computer science Low‑importance This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks. Low This article has been rated as Low-importance on the importance scale. This article is supported by WikiProject Computer science (assessed as Low-importance).

Provably Secure

Latest comment: 14 years ago4 comments3 people in discussion

What does 'provably secure' mean here?

The protocol includes a 'check to see if more than a certain number of them agree'. How is this 'certain number' determined? Or can it be chosen freely? If it can be chosen freely, doesn't a lower number make the protocol 'less secure'? If so, how is the system 'provably secure' if it depends on such a choice? --Raboof (talk) 09:25, 5 July 2008 (UTC)Reply

The number is determined by security proofs, which basically say "if the error rate is ${\displaystyle X}$ , the maximum possible information Eve could have about the key is ${\displaystyle Y}$ ". Provided the maximum information Eve could have is not 100%, then privacy amplification can be used to reduce Eve's information to an exponentially small amount. (Privacy amplification basically involves the key being distilled into a shorter key). The 'certain number' you mention corresponds to the error rate where Eve's information is 100%... if this is the case then no secure key can be distilled and transmission should be aborted.

The security of BB84 has been proven in several ways, but the most widely cited proof is the Shor and Preskill one ([1]). In this Eve is allowed to carry out any attack allowed by quantum theory, and a secure key can be produced provided the error rate is less than 11%. The main Quantum Cryptography page contains more information on this.

– centie (talk) 20:10, 7 September 2008 (UTC)Reply

No discussion of man-in-the-middle? There's no such thing as ideal security in practice. 67.171.234.166 (talk) 00:56, 18 May 2009 (UTC)Reply

Quantum_cryptography#Man_in_the_middle_attack

Of course 'ideal' is unattainable, but that doesn't mean we shouldn't try for as close as possible.

- centie (talk) 18:02, 23 May 2009 (UTC)Reply

Requirements for 'practical' use

Latest comment: 15 years ago2 comments2 people in discussion

To use this protocol, you'd need a 'quantum channel' to send the qubits over, which requires a dedicated fiber line between Alice and Bob, right? --Raboof (talk) 09:30, 5 July 2008 (UTC)Reply

Yep, a quantum channel is needed, which can be anything that preserves the quantum information your transmitting. A fiber line works for photons, but it doesn't necessarily have to be dedicated provided the multiplexed signals don't interfere with the quantum signal too much. Using free space as a channel (sending the photons through open air) also works quite well, one group's demonstrated this over 144 km and they next want to try it with a satellite ([2]).

– centie (talk) 20:22, 7 September 2008 (UTC)Reply

undefined symbols

Latest comment: 12 years ago1 comment1 person in discussion

Like all too many articles on quantum mechanics, general relativity, and other areas of advanced physics, this article uses symbols that are not meaningful to most readers. Okay, Alice sends ${\displaystyle |\psi \rangle }$  . So what? What does ${\displaystyle |\psi \rangle }$  mean?

You need to be a subject matter expert in order to understand this article, but if you already know QM and/or quantum cryptography, you don't need to read this article.

IMHO, articles of this sort should define any symbols not found in high school math or first year calculus. Or maybe even the calculus symbols should be defined. Bgoldnyxnet (talk) 15:22, 28 September 2011 (UTC)Reply

This page is redundant

Latest comment: 12 years ago1 comment1 person in discussion

there is a much more thorough explanation on the quantum key distribution page. — Preceding unsigned comment added by 80.216.9.219 (talk) 21:52, 2 January 2012 (UTC)Reply

Why was the paper withdrawn?

Latest comment: 10 years ago1 comment1 person in discussion

The first reference, doi:10.1016/j.tcs.2011.08.039, is listed as WITHDRAWN. Why was it withdrawn? Also, why is the year for this reference listed as 2011 rather than 1984? Dstahlke (talk) 22:41, 16 April 2014 (UTC)Reply

Need to qualify "quantum" stuff

Latest comment: 7 years ago1 comment1 person in discussion

Sometimes something quantical does happen in practice, for example A two-qubit logic gate in silicon in 2015. Therefore, it is misleading to assume that the word quantum in a prominent position in the lede conveys that no key was ever distributed using this method. (Do quantum channels exist?)

I'd propose theoretical, but there must be a better adjective to convey that fact. Thanks ale (talk) 18:09, 21 May 2016 (UTC)Reply

What about quantum storage?

Latest comment: 6 years ago1 comment1 person in discussion

Assuming quantum storage, I don't see how this unbreakable. Imagine, if instead of measuring b right away, Eve simply quantumly stores the qubit via quantum entanglement and waits for Alice to announce b, and Bob to communicate which b' values do not match. This tells Eve what b' to use to measure the store qubits. Since all the quantumly entangled qubits are now aligned with Bob's measurements, Eve learns a' simply by measuring the stored qubits. So now Alice, Bob, and Eve all know the same secret.Bill C. Riemers (talk) 19:04, 2 October 2017 (UTC)Reply

Quantum key distribution explanation is better

Latest comment: 2 years ago1 comment1 person in discussion

This article could use some of the table and explanations from Quantum_key_distribution section on BB84.--ReyHahn (talk) 13:26, 26 May 2021 (UTC)Reply

Final paragraph of Description

Latest comment: 2 years ago2 comments2 people in discussion

I’m a total non-expert reading this article. I thought maybe my confusion would be helpful in improving this page. I got confused as soon as I got to the final paragraph in the description of the protocol:

From the remaining ${\displaystyle \displaystyle k}$  bits where both Alice and Bob measured in the same basis, Alice randomly chooses ${\displaystyle \displaystyle k/2}$  bits and discloses her choices over the public channel.

When did Alice measure something? I get from context that this means the bits where ${\displaystyle b}$  and ${\displaystyle b'}$  agree, so does this mean where Bob's choice of basis (via the bits in ${\displaystyle b'}$ ) matches Alice’s choice of basis (via the bits in ${\displaystyle b}$ )?

And then when Alice discloses bits, is she disclosing just the indices of those bits, or the bits together with their indices? Would these be bits of (on Alice's side) this tensor product ${\displaystyle |\psi \rangle }$ , versus (on Bob's side) the mangled, eavesdropped, transmitted version ${\displaystyle a'}$ ? Er, maybe on Alice's side it would be the result of her measurement of ${\displaystyle |\psi \rangle }$ . Is that right?

If this check passes, Alice and Bob proceed to use information reconciliation and privacy amplification techniques to create some number of shared secret keys.

They’re creating shared secret keys out of the bit string they've decided they both have a copy of. Is that right? — Preceding unsigned comment added by Yipe! That's me (talk • contribs) 20:35, 9 June 2021 (UTC)Reply

you're right, the wording was not clear: Alice does not "hold states" of "measure qubits" in the BB84 protocol: she prepares them and sends them to Bob, only keeping the classical bit strings b (denoting the bases used in preparation) and a (the bit values encoded. The Bob measures (with randomly chosen bases b'. Then Alice announces which bases she used (the string b), so that the two can now identify the indices of the bits for which the two bases are different. These are discarded. The remaining bits are used to check if the error rate is sufficiently low and the remaining ones are then a shard secret bit sequence (the information that Eve can have about it can be upper bounded), which can be further improved with standard techniques such as reconciliation and privacy amplification (provided the error rate was small enough).

I hope the (slightly) rewritten paragraph is now clearer. --Qcomp (talk) 18:17, 10 June 2021 (UTC)Reply