Please find here a description of our QKD implementation.
For our submission, we implemented the two suggested protocols:
- E91 (Ekert, Artur K. "Quantum Cryptography and Bell’s Theorem." Quantum Measurements in Optics. Springer, Boston, MA, 1992. 413-418.)
- BBM92 (Bennett, Charles H., Gilles Brassard, and N. David Mermin. "Quantum cryptography without Bell’s theorem." Physical review letters 68.5 (1992): 557.)
In the noiseless scenario, the E91 protocol uses on average 2/9 of the EPR pairs to construct the key. We found that BBM92 has a better EPR efficieny, with (1-p)/2, where p is the fraction of EPR pairs measured in the same basis that we use for testing for Eve's presence. Assuming a binomial distribution for the noise, we choose the probability p such that we miss Eve's presence 1% of the time (capping it at p=0.5). This probability depends on the key_length, as bigger keys require a smaller fraction of the used pairs to check for Eve's presence.
Therefore, here we submitted the BBM92 approach. However, we leave our E91 attempt in the qkd-e91 folder for reference.
To test against interference by an eavesdropper we considered two Eves:
- Eve 1: Randomly chooses between computational or +/- basis and measures the qubit.
- Eve 2: Always measures in the computational basis.
As implemented in the API, the eavesdropper is called for both Alice's and Bob's qubit. We tested both Eves for keys of 1000 bits and found that the final keys differ in about 33% of the bits for Eve 1 and 25% of the bits for Eve 2.
Ultimately, we picked a threshold of 14.6% above which we discard the keys due to the possibility of Eve interfering. This comes from the upper bound on the tolerable error rate for key distribution secure against individual attacks, as discussed in the thesis of Chris Erven:
https://uwspace.uwaterloo.ca/bitstream/handle/10012/3021/Thesis_ChrisErven_SubmittedToGSO.pdf
To deal with noisy channels, we do not assume that Alice and Bob measure the same bit result when they choose the same basis.
As such, we implemented a Information Reconciliation strategy to correct the keys. We implement Brassard's approach -- the Cascade algorithm with binary search correction -- on Bob's key. We found out that 4 iteration steps were enough for large keys. For small keys (around 16), just 1 iteration step is usually enough.
We also found out that the Cascade algorithm without the back-trace steps works well enough for the key lengths that we used. As such, our Information Reconciliation algorithm is small but effective.