The BB84 protocol

In the realm of quantum cryptography, the BB84 protocol[1] stands as a foundational milestone for secure communication. Conceived by Charles Bennett and Gilles Brassard in 1984, BB84 enables two parties, commonly referred to as Alice and Bob, to establish a shared secret key over a quantum channel, with the remarkable ability to detect any eavesdropping attempt by a third party, Eve. The protocol begins with Alice generating a random sequence of bits and encoding each one into a qubit using one of two possible bases: rectilinear (0 | 1) or diagonal (+ | -). These qubits are then transmitted to Bob, who measures each using a randomly chosen basis of his own. After the transmission, Alice and Bob publicly compare the bases they used—without revealing the actual bit values—and discard all bits where their bases didn’t match. The remaining bits form the raw key, which can be further refined through classical postprocessing including error correction and privacy amplification. In this post, we will focus on the quantum part of BB84 protocol.

Figure 1. Table for 10 bit key distribution through BB84 protocol, including chosen basis, quantum states in each part of the quantum channel and measured bits.

What makes BB84 truly powerful is its built-in mechanism for detecting intrusions. If Eve attempts an intercept-resend attack—measuring each qubit and sending a new one to Bob—she inevitably introduces errors due to the probabilistic nature of quantum measurement. Since Bob doesn’t know the basis Alice used, he has a 50% chance of choosing the right one. Let focus on this situation, since at the end of the protocol, Bob and Alice will only keep the bits measured in the same basis. Again, since Eve doesn’t know the basis Alice and Bob used, she has a 50% chance of choosing the wrong one. In this situation, the probability for Bob to measure the same bit Alice sent is 50%. This double mismatch leads to a 25% error rate in the bits where Alice and Bob’s bases coincide. This threshold is critical: if the quantum bit error rate (QBER) exceeds 25%, Alice and Bob can confidently infer the presence of an eavesdropper and abort the key generation process.

While BB84 remains the most widely studied and implemented QKD protocol, it is far from the only one. Alternatives like E91, which uses entangled photon pairs, and B92, a simplified version with fewer states, offer different trade-offs in terms of efficiency and security. More advanced protocols, such as decoy-state methods, have been developed to counter specific attacks in real-world implementations. Despite these innovations, quantum key distribution still faces significant challenges. Photon loss over long distances and the difficulty of integrating quantum systems into existing infrastructure all pose barriers to widespread adoption. Moreover, scaling QKD to global networks requires breakthroughs in quantum repeaters and satellite-based communication.