#### Quantum Cryptography

I feel really stupid asking this question, but I just can't figure out why I am wrong. Here goes:

I am giving a lecture about Quantum Cryptography, and as I am studying it again, I don't see why the following attack doesn't work (I am thinking about BB84):

Why can't Eve just use the bits sent to Bob as control in a CNOT, keeping the second bits, and passing on the original qubits unchanged? Then when Bob measures, her qubits collapse to the same state, and by listening to the communication between Alice and Bob, she know everything she needs to know to measure the qubits in the correct basis and get the correct values.

Everywhere I read argues that Eve can't copy the bits because of the no-cloning theorem, but it seems to me that copying the qubits wouldn't help anyway. However this--so it seems to me right now--is even better--by using entanglement, she has exactly what Bob has, and when he measures, he measures her qubits as well.

Does this make sense?

I know this is wrong, but I can't see why.

Help?

## Actually, the real security

Actually, the real security of BB84 lies in a bit of random guesswork combined with error correction. It is assumed that Eve

doesgain some information but through error correction it can be shown that Alice and Bob can correct down to the point that Eve has zerousableinformation. An awesome reference on this, particularly from a pedagogical point of view, is the bookProtecting Information: From Classical Error Correction to Quantum Cryptographyby Susan Loepp and Bill Wootters and published by CUP.## Why this doesn't work

I guess you already had your lecture by now, but here is the reason why the CNOT does not work:

A CNOT doesn't work exactly as you assume in your post. You write "use the bits sent to Bob as control in a CNOT, keeping the second bits, and passing on the original qubits unchanged". The control qubit is a CNOT is only unchanged if it is diagonal in the computational basis. For example if you start out with a state |+>|-> (where the first is the control, the second is a target, |+> = (|0>+|1>)/normalization and |-> = (|0>-|1>)/normalization), applying a CNOT will change the state to |->|->, i.e. the control will change but the target will be left unchanged.

In the attack with the CNOT you need to specify what state the target qubit is in initially. I assume this it is in |0> (which is probably what you meant). If you try the attack, you will be able to read the bits without introducing errors when the signal states are |0> or |1>. However, if the signal state is |+>, you will get the entangled state |00>+|11> (I neglect normalization due to formatting). If Bob measures this bit in the +/- basis he should get the outcome |+> with probability 1 if there were no eavesdropping. However, the reduced state is now |0> is therefore 0.5. Thus, there will be 50 % error rate in the +/- basis and 0 % error rate in the computational basis, which is the same as what you get if you simply measure in the 0/1 basis and resend to Bob what you measured.

You are right when you say that Eve has exactly what Bob has. They both have the bit Alice sent when she used the 0/1 basis, but they both have complete garbage when Alice sends using the +/- basis. Bob knows that when there are so many errors there is no way to make a secret key.

There are ways for Eve to get exactly what Bob has without introducing so many errors (we say that Alice and Bob's state has a [[symmetric extension]]). It is possible for Eve to introduce an average error rate of only 14.6% (as opposed to 25% in the above attack) and still have the same information as Bob. In this case it is possible for Alice and Bob to distill some key anyway by a techinque called [[advantage distillation]].