Detecting eavesdropping in Ekert protocol for quantum key distribution

Abstract: The Ekert protocol is a secure key distribution protocol that utilizes a stream of two qubit pairs in an entangled state. Alice and Bob each measure the received quanta using a randomly chosen orthonormal basis. The degree of matching between the classical bit strings of the two as a result indicates the presence or absence of eavesdropping. This is explained in the last section of chapter 8 "Bell's Inequality" of reference [1]. There, the calculation of the match probability in the absence of eavesdropping is clearly explained. However, details of how to calculate the matching probability (=3/8) in the case of eavesdropping are not shown. This blog post tracked that calculation.

●Primitive cryptographic key distribution using quantum entanglement
Quantum entanglement makes it possible to share cryptographic keys without having to create them in advance and send them to each other. However, as shown in Fig.1, in practice, such a method cannot be used easily. This is because, if eavesdropped, it cannot be detected.

●Ekert protocol (E91) for quantum key distribution

The solution is the Ekert protocol. Send a stream of entangled pairs of qubits (of length 3n) to Alice and Bob. They receive the qubits one by one from the pair. Each time, they both randomly select one of the three orthonormal bases to measure one's qubit. The results of the measurements are recorded along with the basis of choice. Finally, both sides exchange selected bases information (not measurements) in normal communication. Of these, approximately n bases should be the same in both, and the remaining 2n should be different in both.

For bases (2n of their own) that do not agree between them, they exchange their measurement results. It can be done by normal communication without encryption. When calculating the probability that the measurement results match, the value becomes 1/4, if there is no eavesdropping by a third party (that is, if the third party does not measure the qubits). Details of the calculation are given in reference [1]. If the value can be confirmed, the measurement results for the remaining n bases that agree with each other can be used as  an encryption key. That is, both parties can share the encryption key without sending it to each other. See Fig.2(1).

However, if a third party Eve eavesdrops on the qubits before Alice's and Bob's measurements, the matching probability of Alice's and Bob's measurements changes to a value of 3/8. See Fig.2(2). But how is this value calculated? I will clarify that next.

●Comparison of Alice's and Bob's measurement results when eavesdropped
Fig.3 shows the calculation of the match probability (3/8) mentioned above. See diagram for details. There are nine combinations of bases that Alice and Bob can choose from, but we are only interested in the cases that their bases are different. The match probability for the six combinations is shown in red. In this example, Eve chose Standard basis, but she would have chosen anything else.

Fig. 4 shows in more detail the calculations for cases (a) and (b) among the six combinations. Eve's results are measured by Alice and Bob on the basis of their choice. The probability amplitude at that time is used in the calculation.

From the above, the Ekert protocol mechanism for generating cryptographic keys and detecting eavesdropping by a third party has been completely clarified.

Special Acknowledgment

I have forwarded this blog post to Prof. Chris Bernhardt, the author of reference [1]. He sent me an email confirming that this calculation is correct. Below is the last two lines of his answer. I would like to thank him. (2023-06-12)

Reference

[1] Chris Bernhardt: Quantum Computing for Everyone, The MIT Press, 2020.

https://www.chrisbernhardt.info/