N ov 1 99 7 Security against eavesdropping in quantum cryptography Norbert Lütkenhaus and Stephen

Quantum cryptography is a method for providing two parties who want to communicate securely with a secret key to be used in established protocols of classical cryptography. For more reviews of this topic see [1, 2, 3]. Bennett and Brassard showed that it is possible, at least ideally, to create a secret key, shared by sender and receiver, without both parties sharing any secret beforehand. We refer to this protocol as the BB84 protocol. [4] To achieve this goal, sender and receiver are linked by two channels. The first channel is a public channel. The information distributed on it is available to both parties and to a potential eavesdropper. To demonstrate the principle of quantum cryptography we assume that the signals on this channel can not be changed by third parties. The second channel is a channel with strong quantum features. An eavesdropper can interact with the signal in an effort to extract information about the signals. The signal states are chosen in such a way that there is always, on average, a back reaction onto the signal states. We assume the quantum channel to be noiseless and perfect so that the back reaction of the eavesdropper’s activity manifests itself as an induced error rate in the signal transmission. The BB84 protocol uses the polarisation states of single photons as signal states. The signal states are, for example, linear vertical or horizontal polarised photons or right or left circular polarised photons. The sender sends a sequence of single photons with a polarisation chosen randomly from the four given ones. The receiver uses randomly one out of two given polarisation analysers for each signal photon. One of the analysers distinguishes between the two linear polarisations, the other between the circular polarisations. Therefore the sequence of signals contains two types of transmissions. In the first type the photon is prepared in a polarisation state which the polarisation analyser, chosen by the receiver, is able to distinguish unambiguously. An example is that a horizontal polarised photon is sent and the receiver chooses to use the linear polarisation analyser. Signals