In [2]:
from IPython.display import HTML

HTML('''<script>
code_show=true; 
function code_toggle() {
 if (code_show){
 $('div.input').hide();
 } else {
 $('div.input').show();
 }
 code_show = !code_show
} 
$( document ).ready(code_toggle);
</script>
<form action="javascript:code_toggle()"><input type="submit" value="Click here to toggle on/off the raw code for QISKit exercises."></form>''')

# 9. Quantum cryptography

The advent of quantum computation, which introduces the possibility of using quantum mechanics for information processing, gave rise to the following question: can quantum information be shared more securely than classical information?

In 1982, a very interesting property of quantum states was discovered [1,2]. This is the so-called "no-cloning theorem", which proved how the laws of quantum mechanics prohibit the copy of an unknown quantum state. Therefore, the no-cloning theorem assures us that qubits can hide the quantum information better than classical bits. 

This has important implication for example for secure communications, where it allows for the sharing of private keys which cannot be eavesdropped by a third party. We consider the first protocol, the BB84 protocol, which exploits the quantum mechanical properties of qubits for secure exchange of a secret key between two parties. 


## 9.1 No-cloning theorem

Let us prove the no-cloning theorem, the fact that an unknown quantum state cannot be copied.
First let us clearly state our problem:

We have a qubit in an unknown quantum state $\lvert \psi \rangle$ and we wish to copy his state on another qubit initilized to the state $\lvert s \rangle$. Therefore, we want to implement the following quantum gate:

\begin{equation}
U\lvert \psi \rangle \lvert s \rangle =\lvert \psi \rangle \lvert \psi \rangle 
\end{equation}

Let us take the unknown quantum state to be 

\begin{equation}
\lvert \psi \rangle  =\alpha \lvert 0 \rangle + \beta \lvert 1 \rangle 
\end{equation}

where the amplitudes $\alpha$ and $\beta$ are unknown.
Therefore we have:

\begin{equation}
U\lvert \psi \rangle \lvert s \rangle =\lvert \psi \rangle \lvert \psi \rangle = (\alpha \lvert 0\rangle +\beta \lvert 1\rangle) (\alpha \lvert 0\rangle +\beta \lvert 1\rangle) = (\alpha^2 \lvert 0\rangle \lvert 0\rangle + \alpha \beta \lvert 0\rangle \lvert 1\rangle +   \beta \alpha \lvert 1 \rangle \lvert 0\rangle + \beta^2 \lvert 1\rangle \lvert 1\rangle)
\tag{1}
\end{equation}


Because of the linearity of operators, we can equivalently write:

\begin{equation}
U\lvert \psi \rangle \lvert s \rangle = U(\alpha \lvert 0\rangle + \beta \lvert 1\rangle )\lvert s\rangle = U(\alpha \lvert 0\rangle \lvert s\rangle + \beta \lvert 1\rangle \lvert s\rangle )=\alpha \lvert 00\rangle +\beta \lvert 11\rangle 
\tag{2}
\end{equation}

Comparing Eqs. (1) and (2), one can see that we come to a contraddiction! Thus, the operation $U$ which copies an unknown quantum state of a qubit onto another qubit is not possible.

## 9.2 BB84 protocol

<img src="figures/9/bb841.jpeg"  width="600">
$$\text{1. BB84 protocol overview.}$$

In Ref. [3], the first protocol for the distribution of a secret quantum key between two parties is described.

First, let us assume that Alice and Bob may exchange qubits and classical information. Also, Alice can prepare a qubit in the $\lvert 0 \rangle$, $\lvert 1 \rangle$, $\lvert + \rangle = \frac{1}{\sqrt{2}} \left( \lvert 0 \rangle + \lvert 1 \rangle\right)$ and $\lvert - \rangle = \frac{1}{\sqrt{2}} \left( \lvert 0 \rangle - \lvert 1 \rangle\right)$ state, and Bob can measure in the standard (Z) $\left\{ \lvert 0 \rangle, \lvert 1 \rangle \right\}$ basis and in the Hadamard (H) $\left\{ \lvert + \rangle, \lvert - \rangle \right\} $ basis. Note that the two bases are non-orthogonal with respect to each other. Measuring in the $\left\{ \lvert + \rangle, \lvert - \rangle \right\} $ basis means that before the standard measurement in the $\left\{ \lvert 0 \rangle, \lvert 1 \rangle \right\} $ basis, Bob applies the Hadamard gate to the qubit. Thus

\begin{equation}
\lvert + \rangle =\frac{1}{\sqrt{2}}(\lvert 0\rangle +\lvert 1\rangle )
\end{equation}

gives $\lvert 0 \rangle$ when measured in the Hadamard basis, and

\begin{equation}
\lvert - \rangle =\frac{1}{\sqrt{2}}(\lvert 0\rangle -\lvert 1\rangle )
\end{equation}

gives $\lvert 1 \rangle$ when measured in the Hadamard basis.



The protocol then works in the following way. Alice picks the bit that she wants to transmit to Bob, either $0$ or $1$. She then prepares a qubit in the corresponding state $\lvert 0 \rangle$ or $\lvert 1 \rangle$, respectively. After that, she randomly decides whether or not to transform her qubit from the standard (Z) basis to the Hadamard (H) basis by applying or not the Hadamard gate her qubit, thus preparing the state $\lvert + \rangle$ or $\lvert - \rangle$. 

Then Alice sends her first qubit to Bob. Bob receives Alice's qubit, selects one of the measurement bases at random and measures it. After that, Alice and Bob tell each other which basis they used through a classical communication channel. 

In general, for every qubit Alice sends to Bob there are four possible scenarios:

<ol>
<li>
Both Alice and Bob used the Hadamard basis.
</li>

<li>
They both used the standard basis.
</li>

<li>
Alice transformed to the Hadamard basis, and Bob measured in the standard basis.
</li>

<li>
Alice used the standard basis, and Bob the Hadamard basis.
</li>
</ol>

When Alice and Bob agree on the same basis, they keep the transferred bit. When they disagree, they discard it. Thus, it is possible for Alice and Bob to securely communicate an $n$ bit private key using $2n$ qubits.


#### Example 

For example, let us consider the case where Alice wants to send the bit $0$. She prepares her qubit in the $\lvert 0 \rangle$ state and then randomly selects whether or not she applies the Hadamard gate to it. Let's say she does apply the Hadamard gate to her qubit, obtaining the $\lvert + \rangle$ state. 

Then, consider, the cased where Bob measures the qubit in the standard basis. After Bob's measurement, Alice and Bob communicate through the classical channel. Alice tells Bob that she  applied the Hadamard gate to her qubit and Bob tells Alice that he measured it in the standard basis. So, they abandon the first bit.

<img src="figures/9/bb84_ex1.jpeg"  width="600">
$$\text{2. Example of one application of the BB84 protocol. In this case, Alice and Bob will discard this bit.}$$


Next, Alice picks a second bit, $1$, encodes it into a qubit and selects at random whether to apply or not the Hadamard gate. Let us now assume that she does not apply the Hadamard gate. Thus, the qubit is in the state $\lvert 1\rangle $. Alice then sends her qubit to Bob. Bob selects at random one of his two measurement bases. Let us consider in this
case that he measures in the standard basis. As the qubit is in the state $\lvert 1\rangle $ the outcome of the measurement will be $1$. Thus, Bob chooses value $1$ for his second classical bit, the same as Alice did. Finally, Alice tells Bob that she did not apply the Hadamard gate, and Bob tells Alice that he measured in the standard basis. So, both Alice and Bob will use the bit with the value $1$ as the first bit in their secret key.


<img src="figures/9/bb84_ex_21.jpeg"  width="600">
$$\text{3. Example of another application of the BB84 protocol.} \\  \text{In this case, Alice and Bob successfully communicate the value of a bit.}$$


### <span style="color:blue"> QISKit: BB84 protocol </span>

#### <span style="color:blue"> 1) Show the communication of one bit </span>

In [3]:
from initialize import *
import random

#initialize quantum program
my_alg = initialize(circuit_name = 'bb84', qubit_number=1, bit_number=1, backend = 'local_qasm_simulator', shots = 1)

#add gates to the circuit

# Alice encodes the bit 1 into a qubit
my_alg.q_circuit.x(my_alg.q_reg[0])

# Alice randomly applies the Hadamard gate to go to the Hadamard basis
a = random.randint(0,1)
if a==1:
    my_alg.q_circuit.h(my_alg.q_reg[0])
    
# Bob randomly applies the Hadamard gate to go to the Hadamard basis
b = random.randint(0,1)
if b==1:
    my_alg.q_circuit.h(my_alg.q_reg[0])

my_alg.q_circuit.measure(my_alg.q_reg[0], my_alg.c_reg[0]) # measures first qubit

# print list of gates in the circuit
print('List of gates:')
for circuit in my_alg.q_circuit:
    print(circuit.name)

#Execute the quantum algorithm
result = my_alg.Q_program.execute(my_alg.circ_name, backend=my_alg.backend, shots= my_alg.shots)

#Show the results obtained from the quantum algorithm 
counts = result.get_counts(my_alg.circ_name)

print('\nThe measured outcomes of the circuits are:',counts)

if a == b:
    print('Alice and Bob agree on the basis, thus they keep the bit')
else: 
    print("Alice and Bob don't agree the same basis, thus they discard the bit")
    

List of gates:
x
h
measure

The measured outcomes of the circuits are: {'0': 1}
Alice and Bob don't agree the same basis, thus they discard the bit




In [4]:
### <span style="color:blue"> QISKit: EPR protocol </span>

In [5]:
#### <span style="color:blue"> 3) Show the communication of one bit </span>

## Exercises


<ol>

<li>
Alice wants to send Bob the following private key

\begin{equation}
101011
\end{equation}

She encodes those bits into the correspondig states of qubits and performs the gates H-H-I-I-I-H on each qubit. Bob measures the qubits in the following bases: Z-H-H-Z-H-H

<ol>
<li> 
Find the possible outcomes of Bob's measurements
</li>

<li>
Find the bits of the private key accepted by Alice and Bob
</li>
</ol>

</li>

<li>
Imagine that a third party, Eve, intercepts Alice's qubits. She measures the intercepted qubit by randomly selecting either the Hadamard or the standard basis and then forwards the qubits to Bob.

<ol>
<li> 
Is it possible for Eve to find out the bit that Alice is sending to Bob without being discovered?
</li>

<li>
What is the probability that Eve successfully finds out the value of a bit?</li>
</ol>

</li>

<li>
Write a QISKit program for the transmission of a 1024 bits provate key between Alice and Bob
</li>

</ol>

## References

[1] D. Dieks, Physics Letters A, 92, 271 (1982).

[2] W. K. Wootters and W. H. Zurek, Nature, 299.802 (1982).

[3] C. H. Bennett and G. Brassard, In Proceedings of IEEE International Conference on Computers, Systems and Signal Processing, volume 175, page 8. New York, 1984.