Alice
Bob
Encryption
\(c=E(k,m)\)
message \(m\)
key \(k\)
Decryption
\(m=D(k,c)\)
key \(k\)
ciphertext \(c\)
message \(m\)
Insecure channel
Secure channel
Alice
Bob
key \(k=g^{xy}\)
\(g,g^x\)
Insecure channel
secret \(x\)
key \(k=g^{xy}\)
secret \(y\)
\(g^y\)
Although able to observe all transmitted value, computational hard to calculate the key
CDH Assumption: given \(g,g^x,g^y\), hard to calculate \(g^{xy}\)
Alice
Bob
entangled
Alice's basis set
Bob's basis set
Entanglement is preserved across orthonormal bases
\(A_1\)
\(A_2\)
\(A_3\)
\(B_1\)
\(B_2\)
\(B_3\)
observe
0
observe
0
observe
1
observe
0
observe
1
observe
0
observe
1
observe
1
Alice
Bob
entangled
observe
0
observe
0
observe
1
observe
0
observe
1
observe
0
observe
1
observe
1
\(A_2, A_1, A_2, A_3\)
Alice's basis set
\(A_1\)
\(A_2\)
\(A_3\)
Bob's basis set
\(B_1\)
\(B_2\)
\(B_3\)
\(B_1, B_3, B_2, B_2\)
observe
1
observe
0
observe
0
observe
1
key \(k=01\)
key \(k=01\)
Expected \(\frac{2}{9}\) of the bits used as key!
Alice's basis set
\(A_1\)
\(A_3\)
Bob's basis set
\(B_1\)
\(B_3\)
In the bases that don't match, leave only those in \(\{A_1,A_3\}\times\{B_1,B_3\}\)
Correlation:
\((A_1, B_1), (A_3, B_1), (A_3, B_3)\) positively correlated,
\((A_1, B_3)\) negatively correlated
Alice's basis set
\(A_1\)
\(A_3\)
Bob's basis set
\(B_1\)
\(B_3\)
In the bases that don't match, leave only those in \(\{A_1,A_3\}\times\{B_1,B_3\}\)
Correlation:
Calculate the value
\(S=E(A_1,B_1)+E(A_3, B_1)+E(A_3,B_3)-E(A_1,B_3)\)
Normally, \(S=\frac{\sqrt 2}{2} \times 4 = 2\sqrt 2\)
\(S=E(A_1,B_1)+E(A_3, B_1)+E(A_3,B_3)-E(A_1,B_3)\)
The classical bound for \(S\) is \(S \le 2\)
proof: Let \(\lambda\) be the public signal, in classic settings, \(a_i,b_j\) are independent given \(\lambda\).
Observe that one of \((b_1-b_3),(b_1+b_3)\) is zero, another is \(\pm2\).