3. QKD schemes

There are two major types of QKD schemes, namely prepare and measure (P&M) and entanglement-based (EB) schemes [2, 4]. A P&M scheme is based on individual qubits, while an EB scheme is based on entangled qubits. Either of these schemes can be used by two parties in order to end up with a shared secret key. However, a P&M scheme can immediately be translated into an EB scheme [4, 28]. However, there exists another family of protocols called continuous-variable protocols and distributed-phase-reference (DPR) protocols [4], which consist of the coherent-one-way protocol [29, 30] and the distributed-phase-reference protocols [31, 32]. In the following sections, we briefly describe the processes for each scheme.

#### 3.1. Prepare and measure (P&M) scheme

In a P&M scheme, Alice encodes some classical information into a set of quantum states and sends them via an insecure quantum channel to Bob. Bob then performs measurements on the quantum states he receives. This results in classical data generated by quantum means being shared between Alice and Bob. Examples of protocols that use this scheme are BB84 [33], B92 [27], six-state [34] and SARG04 [35] protocols.

Afterwards, Alice keeps the record of signal choices; Bob keeps the record of his basic choices

Security of Quantum Key Distribution Protocols http://dx.doi.org/10.5772/intechopen.74234 7

In this phase, Alice and Bob use some classical communication protocol in order to distil a secret key from their correlated data. They achieve this by means of a discussion over the

a. Parameter estimation: Alice randomly chooses some fraction of her signal slots and announces for these slots to Bob which signal she sent. Bob announces the measurement he performed and the outcome which he obtains. Depending on the amount of errors which they obtain from their comparisons, they may also decide whether to continue or

b. Sifting: In the sifting protocol, Alice and Bob announce the polarisation bases they used for the preparation of the signals and which bits are discarded. In order to prevent Eve from modifying the transmitted messages, Alice and Bob use the authentication scheme. The remaining data are called sifted data. Alice and Bob proceed to the reconciliation phase or

c. Key map: Alice and Bob discard the basis which they were using so that Eve may not learn any information about the encoding. During key map, Alice and Bob map their event records of the sifted data into a raw key. This step applies to prepare and measure protocol.

d. Error correction: The sifted data may still contain some errors; therefore, Alice and Bob execute a classical error correction protocol in order to reconcile their data. They need to exchange additional information about their respective data over the public channel. In addition, they need to authenticate this phase because Eve is still able to modify the messages in this step. As a result of this protocol, Alice and Bob agree now on a key which is identical with very high probability but Eve might still have some small additional

e. Privacy amplification: After Alice and Bob have reconciled their key, they can cut the correlations between their key and Eve by using the so-called privacy amplification. In this stage, Alice and Bob map their string via a special family of functions called universal

A good definition of security would allow the key generated by a QKD protocol to deviate by a small parameter ε, from a perfect key [2]. This definition should be able to bound Eve's knowledge about the final key. A perfect key refers to a uniformly distributed bit string whose value is completely independent and remains unknown to an eavesdropper [16]. The main requirement that the definition of security must fulfil is composability [5]. The composable

information about the key. After this stage, privacy amplification takes place.

authenticated classical channel. The key extraction procedure is described as follows:

and the corresponding measurement results.

4.2. Classical phase

abort the protocol.

error correction phase.

hash functions to a shorter final key [5].

5. Security in QKD

5.1. Security definition

### 3.2. Entanglement-based (EB) scheme

In an EB scheme, a source prepares and distributes a maximally entangled quantum state where one system is sent to Alice and another to Bob. Alice and Bob then perform measurements in two mutually unbiased bases on their system, respectively. Upon measurement, they obtain perfectly correlated outcomes which are completely random. Since the source prepares a pure state, it means that this state cannot be correlated with an eavesdropper. This implies secrecy of the key. An example of a protocol which uses this scheme is the E91 protocol [36].
