Thursday 11 June 2009
After raw key exchange of a large number of qubits, the key is sifted, that is the receiver reveals over a conventional communication channel such as Internet — this channel is also known as the classical channel — some information on the sequence of detections he gets. During the sifting the bits that do not have a perfect correlation between the bits of the emitter and those of the receiver are discarded. At the end of the sifting, the sender and the receiver share a correlated key — called the sifted key — that has the same length. Information revealed during the sifting does not allow an eavesdropper to get any information on the key.
Ideal case: perfect system and no eavesdropping
In the BB84 case, the receiver reveals the sequence of filter orientations he used, without disclosing the actual results of his measurements. The emitter uses this information to compare the orientation of the photons he has sent with the corresponding filter orientation. He announces to the receiver in which cases the orientations where compatible and in which they were not. As depicted in the figure called BB84 protocol, the emitter and the receiver now discard from their lists all the bits corresponding to a photon for which the orientations were not compatible.
When using the SARG protocol, the receiver reveals the sequence of measurement results he has had, without disclosing the filter orientations he has used for his measurements. The emitter uses this information plus the polarization he has sent to guess the orientation of the filter used by the receiver. He announces to the receiver in which cases he is able to guess definitely (refer to the SARG article for more details). Both parties will discard the other cases.
After the sifting, the two parties have a sequence of bits — called sifted key — which, in the absence of an eavesdropper, are identical. and can be used as a secret key. The length of the secret key is approximately half (if BB84 is used) or a quarter (when SARG is used) of the raw key.
Effect of eavesdropping
An eavesdropper intercepting the photons will, in half of the cases, use the wrong filter. By doing so, he modifies the state of these photons and will thus introduce errors in the raw key shared by the emitter and receiver.
It is thus sufficient for the emitter and the receiver to check for the presence of errors in the sequence, by comparing over the classical channel a sample of the bits, to verify the integrity of the key. Note that the bits revealed during this comparison are discarded as they could have been intercepted by the eavesdropper. It is important to realize that the interception of the communications over the classical channel by the eavesdropper does not constitute a vulnerability, as they take place after the transmission of the photons.
To remove errors and information that an adversary could have collected, the sifted key must be processed. This process is called Key Distillation. The key resulting from the key distillation is secure and can be used as secret key material.