4

1

Suppose Alice and Bob can communicate over a quantum channel. The quantum channel is noiseless in the absence of eavesdropping, a condition that cannot be guaranteed. They can also communicate over a classical channel which may be tapped, but not disturbed

To communicate securely Alice and Bob will use the BB84 protocol to establish a secret key. In this protocol (like the version outlined in Figure.12.13 of Nielsen & Chuang) there is a point (following step 6) where Alice and Bob have both obtained $2n$ shared bits. In the next step of the protocol, they will ``sacrifice'' $n$ of their secret bits to check for the presence of an eavesdropper. This check consists of Alice and Bob comparing $n$ of their bits for inconsistencies by publicly declaring them over the classical channel. Define an observable error rate $e$ and an error threshold $e_{thresh}$, so that Alice and Bob abort the protocol if they detect $en$ errors for $e>e_{thresh}$, and proceed otherwise. My question is the following:

What can we say about the value of $e_{thres}$, in particular at what point can Alice and Bob not establish any secure bits?

There are two things that come to mind. First, there is a limit on the number of errors that Alice and Bob can correct. For instance, they could encode their information in an error-correcting code that corrects $t$ errors, and thus if $en>t$ they cannot recover the information. This can also be done classically through the so-called *information reconciliation* protocol, but I don't understand the limitations of this protocol (so any help on this point would also be appreciated).

Secondly, because the quantum channel is noiseless in the absence of an eavesdropper, we know that the error rate is correlated with the amount of information gained by the eavesdropper. Knowing this relationship would enable us to give an error threshold for arbitrary levels of security (i.e we could pick our threshold to ensure that w.h.p the amount of information possessed by the eavesdropper is less than some constant).

**Edit**: In fact, because of the noiseless quantum channel we should be perhaps thinking about the following attack, with prob $1-p$ the eavesdropper measures on the right basis and obtains a bit of information, and with prob $p$ they measure in the wrong basis and cause an error. Given an observable error rate, we should be able to deduce an upper bound on the amount of information obtained by the eavesdropper.