One‑Page Guide to BB84: The Quantum‑Secure Key Book Explained

BB84, introduced in 1984 by Charles Bennett and Gilles Brassard, is the foundational protocol for quantum key distribution (QKD). It became necessary because traditional cryptographic schemes—public‑key algorithms such as RSA and ECC and symmetric algorithms like AES—are vulnerable to quantum attacks: Shor's algorithm can factor a 2048‑bit RSA key in hours, and Grover's algorithm reduces the effective security of AES‑128, requiring a move to AES‑256.

The core weakness of classical encryption lies not only in the algorithms themselves but also in the key‑exchange step, which relies on public‑key encryption. If a quantum computer can break the public‑key layer, the symmetric key becomes exposed.

How BB84 Achieves "Absolute Security"

BB84 leverages the quantum property of photon polarization. Photons are treated as "vibrating strings" that can oscillate horizontally, vertically, or at 45°/135°. Two orthogonal bases are defined:

Z basis (horizontal ↔ = 0, vertical ↕ = 1)

X basis (45° ↗ = 0, 135° ↘ = 1)

Mixing the bases yields random results, which is the mechanism that prevents eavesdropping.

Step 1 – Alice Encodes the Key

Alice generates two random bit strings: one for the raw key (e.g., 101100) and one to choose the basis (0 = Z, 1 = X). Using an electro‑optic modulator, she converts each bit‑basis pair into a photon with the corresponding polarization and sends the photons one‑by‑one through a quantum channel.

The single‑photon requirement avoids the "multi‑photon loophole" where an eavesdropper could split a pulse.

Step 2 – Bob Measures Randomly

Bob independently selects a basis for each incoming photon. If his basis matches Alice's, his measurement yields the correct bit; if not, the result is random.

Step 3 – Classical Reconciliation

Alice and Bob communicate over a conventional channel, announcing only the bases they used for each position. They discard all bits where the bases differ, keeping the matching positions as the "raw key." For example, from six transmitted bits they might retain five valid bits, with at most one error.

Step 4 – Error Correction and Privacy Amplification

Because the quantum channel introduces noise, the raw key may contain errors. The parties perform error correction by exchanging parity information (e.g., whether the number of 1s in a block is even) without revealing the bits themselves, allowing them to locate and fix mismatches.

After error correction, they apply privacy amplification: a hash function such as SHA‑256 compresses the corrected key (e.g., from 5 bits to 4 bits), eliminating any residual information that an eavesdropper might have gleaned.

Frequently Asked Questions

Why can an eavesdropper not learn the key and why is any interception detectable? Quantum states cannot be cloned; any measurement by an eavesdropper inevitably disturbs the photons, raising the error rate (e.g., from 2 % to over 10 %). Alice and Bob detect this increase and abort the session.

What is the purpose of privacy amplification? It removes the tiny leakage that may remain after error correction by hashing the key, making it computationally impossible for an attacker to reconstruct the final key.

Is additional communication required after privacy amplification? No. Both parties pre‑agree on the hash algorithm and output length, so each can compute the final key locally.

What error‑correction methods are available? Three common approaches are:

Block parity checks (simple overlapping groups)

Low‑density parity‑check (LDPC) codes, which use many parity checks for fast multi‑error correction

Cascade codes, which first correct large errors with an inner code and then clean up remaining small errors with an outer code

Evolution of BB84

Since its inception, BB84 has inspired several variants:

B92 – a simplified version with fewer states

Decoy‑state BB84 – addresses the multi‑photon loophole by inserting fake pulses

Device‑independent QKD (DI‑QKD) – removes trust assumptions about the hardware

E91 (1991) – uses entanglement and Bell‑inequality tests instead of single‑photon encoding

All these protocols share the same fundamental principle: security is guaranteed by the laws of quantum physics rather than computational hardness.