The BBM92 protocol is a Quantum Key Distribution (QKD) protocol that represents a significant development in the field, building upon the foundations arranged by the earlier BB84 protocol while incorporating the principles of quantum entanglement. Proposed in 1992 by Bennett, Brassard, and Mermin, the BBM92 protocol offers an alternative approach to secure key distribution by leveraging the unique correlations essential in entangled quantum states. It is often described as a modified version of BB84 that utilizes quantum entanglement.
To understand BBM92, it’s important to first recall the basic principles of BB84. BB84 relies on Alice preparing single qubits in one of four possible polarization states (two in a rectilinear basis and two in a diagonal basis) to encode bits, and Bob measuring these qubits in one of the same two casually chosen bases. After the transmission, they compare their chosen bases over a classical channel, keeping only the results where their bases matched. By examining a subset of these shared bits, they can estimate the error rate to detect any potential eavesdropping.
BBM92, utilizes pairs of entangled qubits. The protocol involves an entangled source that releases pairs of qubits in an entangled state, such as the Bell state
|Φ+⟩ = 1/√2 (|00⟩ + |11⟩)
One qubit of each pair is sent to Alice, and the other is sent to Bob.
How Does the BBM92 Protocol Work?
- Entangled Pair Generation and Distribution: An entangled source (which could be operated by Alice, Bob, or a third trusted party) generates a sequence of entangled qubit pairs. For each pair, one qubit is transmitted to Alice via a quantum channel, and the other qubit is transmitted to Bob via another (possibly the same) quantum channel. The specific entangled state commonly used is one of the Bell states. For instance, if the |Φ+⟩ state is used, the two qubits are correlated such that if Alice measures her qubit and finds it to be |0⟩, Bob’s qubit will also be |0⟩ upon measurement in the same basis, and similarly for |1⟩.
- Independent Measurements by Alice and Bob: Once Alice and Bob have received their respective qubits, they independently choose a measurement basis for each qubit they receive. Similar to BB84, Alice and Bob typically choose randomly between two non-orthogonal bases. A common choice is the rectilinear basis (Z-basis: {|0⟩, |1⟩}) and the diagonal basis (X-basis: {|+⟩ = 1/√2 (|0⟩ + |1⟩), |−⟩ = 1/√2 (|0⟩ − |1⟩}). They record both the basis they chose for each measurement and the outcome of the measurement.
- Public Basis Comparison: After Alice and Bob have performed a sufficient number of measurements, they communicate over a public classical channel. For a subset of the transmitted qubits, Bob announces the basis he used for his measurement. Alice then reveals the basis she used for the corresponding qubit. They identify the instances where they both chose the same measurement basis.
- Key Generation from Correlated Measurements: For the qubits where Alice and Bob used the same measurement basis, their measurement outcomes should be correlated due to the initial entanglement. If the entangled state was |Φ+⟩, they should ideally obtain the same measurement result (both 0 or both 1). These matching measurement outcomes form the raw shared key.
- Error Rate Estimation and Eavesdropping Detection: To detect any eavesdropping attempts, Alice and Bob examine a portion of the bits for which they used the same basis. Due to the nature of entanglement, any attempt by an eavesdropper (Eve) to intercept or measure the entangled qubits will inevitably disturb their state, leading to an increased error rate (bit flips) in the correlated measurement outcomes of Alice and Bob. If the observed error rate is below a predetermined threshold, they can be reasonably confident that the key exchange has not been significantly compromised. If the error rate is too high, they may choose to discard the data and repeat the process.
- Error Correction and Privacy Amplification: If the error rate is acceptable, Alice and Bob proceed to error correction to eliminate any remaining discrepancies in their raw keys. This is typically done by exchanging parity information over the public channel in a way that reveals minimal information to a potential eavesdropper. Following error correction, they apply privacy amplification techniques to reduce Eve’s potential knowledge about the final secret key by using a shorter key derived from the error-corrected key.
Security Aspects of BBM92
The security of the BBM92 protocol, like other QKD protocols, on the fundamental principles of quantum mechanics, particularly:
- Measurement Disturbance: Any attempt by an eavesdropper to measure a quantum state will unavoidably disturb it. This disturbance will lead to errors in the connections observed by Alice and Bob when they measure their entangled qubits in the same basis.
- No-Cloning Theorem: The no-cloning theorem of quantum mechanics states that it is impossible to create an identical copy of random unknown quantum state. This stops an eavesdropper from making a perfect copy of the qubits transmitted to Alice and Bob to perform measurements without being detected.
By monitoring the error rate in their correlated measurements, Alice and Bob can improve confidence about the presence or absence of an eavesdropper. A low error rate suggests that the entanglement has not been significantly disturbed through transmission, indicating a secure exchange.
What is the difference between BBM92 and BB84?
- Entanglement as the Principal Resource: The essential distinction is in the use of entangled qubits in BBM92 compared to the production and measurement of individual qubits in BB84. BBM92 fundamentally depends on the correlations of entangled particles, a fundamental principle of quantum physics.
- Origin of Quantum States: In BB84, Alice is tasked with the preparation and transmission of the quantum states. In BBM92, an entangled source produces the states, and Alice and Bob each get one qubit from the entangled pair. This alteration in the source may impact implementation and security assessment.
- Security Basis: Although both protocols are grounded in quantum physics, the security of BBM92 is more explicitly associated with the characteristics of entanglement and the manner in which eavesdropping interferes with these correlations. The analysis frequently entails considerations of Bell’s theorem and the infringement of Bell’s inequalities; however, the fundamental BBM92 protocol typically emphasizes error rate analysis akin to BB84 for practical application. The Ekert91 protocol, which employs entanglement, specifically uses the violation of Bell’s inequalities for security validation.
- Efficiency Considerations: Certain sources indicate that the early iterations of entanglement-based protocols, such as E91, had worse efficiency compared to BB84. The efficiency of QKD protocols is frequently assessed by the quantity of secret key bits produced per transmitted qubit. BBM92, closely associated with entanglement-based quantum key distribution, may have analogous efficiency challenges contingent upon the entanglement source and the losses inside the quantum channels. The maximum distance for exchange may almost quadruple if the EPR source is positioned centrally, presenting a potential benefit.
What is the difference between the BBM92 and B92 protocols?
The difference between the BBM92 and B92 protocols lies in the fundamental quantum resource they utilize for key distribution.
The BBM92 protocol is an entanglement-based Quantum Key Distribution (QKD) protocol. It depends on a source that generates pairs of entangled qubits. One qubit from each pair is sent to Alice, and the other to Bob. They then independently measure their qubits in randomly selected bases and compare these bases publicly. The relationship in their measurement results, due to the initial entanglement, forms the basis for the shared secret key. Eavesdropping attempts are detected by monitoring the error rate in these correlations.
The B92 protocol is a prepare-and-measure QKD protocol. Alice prepares single qubits in one of two non-orthogonal quantum states (e.g., photons with 90° or 135° polarization) and sends them to Bob. Bob measures the received qubits using detectors that can distinguish between states non-orthogonal to Alice’s encoding. Key bits are established based on specific measurement outcomes, and eavesdropping can be detected because any attempt to measure the non-orthogonal states will introduce detectable errors. B92 is considered simpler than BB84 as it uses only two polarization states.
What is the difference between the BBM92 and E91 protocols?
Both the BBM92 and E91 (Ekert91) protocols are entanglement-based Quantum Key Distribution (QKD) protocols, but they differ in their implementation and eavesdropping detection methods.
BBM92 is theoretically closer to the BB84 protocol and relies on an EPR source that emits entangled qubit pairs, distributing one qubit to Alice and the other to Bob. They measure their qubits in randomly chosen bases and publicly compare these bases. Correlated measurements in the same basis form the basis of the shared key, and eavesdropping is detected by monitoring the error rate in these correlations.
E91 also uses an entangled state (Bell states) generated by a source. Alice and Bob independently measure their particles in randomly chosen bases. However, E91 is distinct because it uses Bell’s inequality to detect potential eavesdroppers. By analyzing the connections in their measurement results across different basis choices, Alice and Bob can verify whether the entanglement has been disturbed by an eavesdropper, without needing to directly compare a subset of their key bits. This makes E91 potentially usable in device-independent QKD scenarios.