QKD Simulator - Analysis and Simulation of Quantum Key Distribution

Simulation and Analysis of QKD currently supporting the BB84 variant. -

QKD (BB84) simulation run example:

Initial Configuration

Property Qubit Count	Basis choice bias delta	Eve basis choice bias delta	Eavesdropping	Eavesdropping rate	Error estimation sampling rate	Biased error estimation	Error tolerance
500	0.5	0.5	1	0.1	0.2	0	0.11

Detailed Run Information

Phase 1: BB84 Quantum Transmission

Alice prepares a sequence of 500 qubits and send them to Bob over the quantum channel. She randomly chooses a basis for each qubit, rectilinear polarization (horizontal/0 degrees and vertical/90 degrees) or a diagonal polarization (+45 degrees and -45 degrees shifted). She then maps horizontal and vertical with the qubit states |0> and |1>, and +45 degrees and -45 degrees shifted with the states |+> and |->, respectively. Further details:

Alice sent 500 qubits to Bob with a basis selection bias of 0.5.
Eve is eavesdropping on the quantum channel at a rate of 0.1 and with a basis selection bias of 0.5. There is an eavesdropper, Eve, listening in on the channel. She intercepts the qubits, randomly measures them in one of the two mentioned bases and thus destroys the originals, and then sends a new batch of qubits corresponding to her measurements and basis choices to Bob. Since Eve can choose the right basis only 50% of the time on averate, about 1/4 of her bits differ from those of Alice.

Phase 2.1: Sifting

Bob announces on a public classical channel the qubits that he has managed to successfully measure. Alice and Bob then reveal and exchange the bases they used. They authenticate these three message exchanges. Whenever the bases happen to match - about 50% of the time on average - they both add their corresponding bit to their personal key. In the absence of channel noise, the two keys should be identical unless there has been an eavesdropper. Further details:

The sifting phase started with 500 transmitted qubits and the resulting bit string was reduced to 257 bits.
0.514 of Alice's and Bob's chosen measurement bases match. 0.486 of their chosen bases do not match.
0.716 of the two parties measured qubits match before sifting and 0.284 of them do not.
0.9144 of the two parties measured qubits match after sifting and 0.0856 of them do not.

Phase 2.2: Sifting Authentication - Linear Feedback Shift Register (LFSR) Universal Hashing

Alice and Bob authenticate their basis exchange messages using the LFSR universal hashing scheme and a mutually preshared secret key for authentication. 3 messages are authenticated in the sifting phase. Further details:

Bob informs Alice of the qubits he managed to successfully measure and he appends an authentication tag to his message. Authentication cost in terms of key material: 64
Bob informs Alice of the bases he has chosen for measuring the qubits and he appends an authentication tag to his message. Authentication cost in terms of key material: 64
Alice informs Bob of the bases she has chosen for preparing the qubits and she appends an authentication tag to her message. Authentication cost in terms of key material: 64

Phase 3.1: Reconciliation - Error estimation

Alice and Bob estimate the error rate in their sifted keys to determine whether they should proceed to error correction or whether they should abort the protocol based on a predefined error tolerance threshold, usually around 11%. Further details:

Alice and Bob permute their sifted keys in order to flatten the errors across the entire bit string. They then perform the error estimation by comparing a subset of their error-flattened sifted keys.
An error rate of 0.0784 was estimated using a sample size of 51 given a sampling ratio of 0.2

Phase 3.2: Reconciliation - Error Correction, Cascade

Alice and Bob perform an interactive error correction scheme called Cascade on the public channel in order to locate and correct the erroneous bits in their sifted bit strings. Further details:

Cascade was run 6 rounds in order to correct the errors.
18 erroneous bits were detected and corrected.
114 bits were leaked in order to correct the errors.
With an error probability of 0.0874, the Shannon bound for the number of leaked bits is: 89.0, compared to the actual number of leaked bits: 114.

Phase 4: Error Correction Confirmation and Authentication

Alice and Bob confirm and authenticate the error correction phase by computing the hash of their error corrected keys using their mutually preshared secret key and by comparing their respective digests. Further details:

64 bits of key material (preshared secret key) were used to authenticate.
The Linear Feedback Shift Register (LFSR) universal hashing scheme was used for authentication.

Phase 5: Privacy Amplification

Alice and Bob compute the overall information leakage and run a privacy amplification protocol in order to reduce/minimize Eve's knowledge gained on the key by having eavesdropped on the channel. They do so by locally applying a universal hashing scheme based on Toeplitz matrices. The hashing function will be indexed using yet another chunk of their preshared secret keys. They can also define a security paramter to minimize Eve's knowledge to an arbitrary amount. Further details:

146 bits were leaked up to this point.
The key length before running privacy amplification: 206 bits.
The final key length is: 40 bits.
The chosen security parameter is: 20.

Statistics and Overview

Property	Value
Initial number of qubits	500
Final key length	40
Estimated error	0.0784
Eavesdropping enabled	1
Eavesdropping rate	0.1
Alice/Bob basis selection bias	0.5
Eve basis selection bias	0.5
Raw key mismatch before error correction	0.0856
Raw key mismatch after error correction	0
Information leakage (Total number of disclosed bits)	146
Overall key cost for authentication	256
Key length before error correction	206
Bit error probability	0.0874
Bits leaked during error correction	114
Shannon bound for leakage	89
Security parameter	20