Table of Contents

1. Introduction
2. What Is QKD Security?
3. Security Paradigm Shift: Classical vs Quantum
4. Physical Principles Behind QKD Security
5. Security from the No-Cloning Theorem
6. Measurement Disturbance Principle
7. Eavesdropping Detection in QKD
8. Quantum Bit Error Rate (QBER)
9. Error Thresholds in QKD Protocols
10. Privacy Amplification
11. Information Reconciliation
12. Composable Security Framework
13. Individual, Collective, and Coherent Attacks
14. Security Proofs Against Coherent Attacks
15. Device-Independent Security
16. Finite-Key Security Analysis
17. Entropic Uncertainty Relations
18. Side-Channel Attacks and Countermeasures
19. Trojan Horse Attacks
20. Photon Number Splitting (PNS) Attacks
21. Decoy State Method
22. Authentication of Classical Channels
23. Post-Quantum Cryptography vs QKD
24. Regulatory and Practical Considerations
25. Conclusion

---

1. Introduction

Quantum Key Distribution (QKD) offers unconditional security based on the laws of quantum physics, not computational hardness. This makes it resilient even against adversaries with quantum computers.

---

2. What Is QKD Security?

QKD security is the guarantee that any eavesdropping attempt will be detected, and that a secret key can still be distilled with provable bounds on the amount of leaked information.

---

3. Security Paradigm Shift: Classical vs Quantum

Aspect	Classical Crypto	Quantum Crypto (QKD)
Based on	Algorithmic difficulty	Physical principles
Broken by QC	Yes (e.g., RSA, ECC)	No
Eavesdropping	Undetectable	Detectable

---

4. Physical Principles Behind QKD Security

QKD relies on:

• The no-cloning theorem
• The disturbance caused by measurement
• The uncertainty principle

---

5. Security from the No-Cloning Theorem

The no-cloning theorem ensures that an unknown quantum state cannot be duplicated:

\[
|\psi\rangle \nrightarrow |\psi\rangle \otimes |\psi\rangle
\]

Eavesdroppers cannot copy quantum bits undetectably.

---

6. Measurement Disturbance Principle

Measuring a quantum state collapses it. If Eve tries to intercept and measure a qubit, it changes the qubit’s state, introducing detectable errors.

---

7. Eavesdropping Detection in QKD

By publicly comparing a subset of their key, Alice and Bob can compute the Quantum Bit Error Rate (QBER). If the QBER exceeds a threshold, they abort the protocol.

---

8. Quantum Bit Error Rate (QBER)

The fraction of mismatches between Alice’s and Bob’s raw key:

\[
\text{QBER} = \frac{\text{Number of Errors}}{\text{Total Bits Compared}}
\]

A high QBER indicates potential eavesdropping.

---

9. Error Thresholds in QKD Protocols

• BB84 tolerates QBER up to ~11%
• E91 tolerates up to ~7–10% depending on implementation
• Beyond these, key generation is insecure

---

10. Privacy Amplification

A post-processing step to remove leaked information by compressing the raw key using universal hash functions.

---

11. Information Reconciliation

Before privacy amplification, Alice and Bob must:

• Reconcile bit discrepancies
• Use error correction (e.g., Cascade, LDPC codes)
• Minimize information revealed to Eve

---

12. Composable Security Framework

Security proofs today ensure composable security:

• Security holds even when QKD is part of a larger protocol
• Guarantees hold when keys are reused or chained

---

13. Individual, Collective, and Coherent Attacks

• Individual attacks: one qubit at a time
• Collective attacks: measure all qubits independently, store for joint analysis
• Coherent attacks: interact with multiple qubits jointly — most powerful and general

---

14. Security Proofs Against Coherent Attacks

Modern QKD security proofs use:

• Entropic uncertainty relations
• Quantum de Finetti theorems
• Smooth min-entropy bounds

To prove security even against the most general attacks.

---

15. Device-Independent Security

Device-Independent QKD (DI-QKD) uses Bell inequality violations to ensure security, even if devices are untrusted or malicious.

---

16. Finite-Key Security Analysis

Real systems exchange a finite number of bits. Finite-key analysis provides tight bounds on security parameters using statistics and confidence levels.

---

17. Entropic Uncertainty Relations

A generalization of Heisenberg’s principle that quantifies the uncertainty Eve must have if Alice and Bob share strong correlations.

---

18. Side-Channel Attacks and Countermeasures

Real devices can leak unintended info:

• Time-shift attacks
• Detector blinding
• Phase remapping

Countermeasures include:

• Monitoring device behavior
• Introducing randomness
• Using Measurement-Device-Independent QKD (MDI-QKD)

---

19. Trojan Horse Attacks

Eve sends light into Alice/Bob’s device and analyzes the reflected light to learn settings. Prevented by:

• Optical isolators
• Filters
• Watchdog detectors

---

20. Photon Number Splitting (PNS) Attacks

When weak coherent pulses are used, Eve may split off a photon. Decoy state QKD prevents this by randomizing signal intensity.

---

21. Decoy State Method

Alice sends random decoy pulses to detect PNS attacks by monitoring the yield and QBER of different intensities.

---

22. Authentication of Classical Channels

The classical communication channel must be authenticated using:

• Pre-shared keys
• MACs (Message Authentication Codes)
• Post-quantum secure digital signatures

---

23. Post-Quantum Cryptography vs QKD

Feature	Post-Quantum Crypto	QKD
Based on	Hard math problems	Quantum mechanics
Forward secrecy	Not guaranteed	Yes (with ephemeral keys)
Implementation cost	Software-based	Hardware-intensive

---

24. Regulatory and Practical Considerations

• NIST and ETSI are developing QKD standards
• Cost and infrastructure limit widespread use
• Integration with classical networks is active research

---

25. Conclusion

QKD security is grounded in the unassailable laws of quantum physics. With defenses against even the most sophisticated attacks — including future quantum adversaries — it offers unmatched cryptographic strength. While practical deployment faces challenges, QKD is already securing some of the world’s most sensitive communications, laying the groundwork for a truly quantum-secure future.

---

Table of Contents

1. Introduction
2. Historical Context
3. Core Concepts Behind E91
4. E91 vs BB84
5. Entanglement in E91
6. Bell’s Theorem and Non-Locality
7. Step-by-Step E91 Protocol
8. The Role of Bell Inequalities
9. The CHSH Inequality
10. Security Mechanism in E91
11. Quantum States Used
12. Measurement Settings
13. Detecting Eavesdropping
14. Mathematical Framework
15. Key Extraction Process
16. Classical Communication and Post-Processing
17. Advantages of E91
18. Practical Implementations
19. Experimental Demonstrations
20. Limitations and Technical Challenges
21. Device Independence in E91
22. Application in Quantum Networks
23. E91 and Future Satellite QKD
24. Comparison Summary with Other Protocols
25. Conclusion

---

1. Introduction

The E91 Protocol, proposed by Artur Ekert in 1991, is a quantum key distribution (QKD) scheme based on the principles of quantum entanglement and Bell’s theorem. Unlike BB84, E91 uses entangled particles to ensure security and detect eavesdropping.

---

2. Historical Context

The E91 protocol introduced the idea that quantum correlations verified by Bell inequality violations could be used to distribute cryptographic keys securely. It connected quantum information theory with the foundations of quantum mechanics.

---

3. Core Concepts Behind E91

• Uses maximally entangled pairs (e.g., Bell states)
• Security stems from violation of Bell inequalities
• Eavesdropping disrupts the quantum correlations and changes measurement statistics

---

4. E91 vs BB84

Feature	BB84	E91
Resource	Single qubits	Entangled pairs
Security basis	Basis mismatch	Bell inequality violation
Implementation	Simpler	More complex
Device independence	No	Yes (with assumptions)

---

5. Entanglement in E91

Pairs of qubits are generated in a Bell state:

\[
|\Phi^+\rangle = \frac{1}{\sqrt{2}}(|00\rangle + |11\rangle)
\]

One qubit is sent to Alice and the other to Bob.

---

6. Bell’s Theorem and Non-Locality

Bell’s theorem shows that no local hidden variable theory can reproduce the predictions of quantum mechanics. In E91, violation of Bell inequalities implies genuine quantum correlations.

---

7. Step-by-Step E91 Protocol

1. A central source emits entangled photon pairs to Alice and Bob.
2. Each randomly selects a measurement setting (3 each).
3. They perform measurements on their qubits.
4. They compare settings publicly.
5. Use measurement results with matching settings to form the secret key.
6. Other settings are used to test the CHSH Bell inequality.

---

8. The Role of Bell Inequalities

Violating Bell inequalities ensures:

• The quantum correlations are non-classical
• No eavesdropper can simulate them without detection

---

9. The CHSH Inequality

The Clauser-Horne-Shimony-Holt (CHSH) version is:

\[
|E(a, b) + E(a, b’) + E(a’, b) – E(a’, b’)| \leq 2
\]

Quantum mechanics allows values up to \( 2\sqrt{2} \). Violation signals quantum entanglement.

---

10. Security Mechanism in E91

Any eavesdropper trying to intercept or replicate the entangled states will:

• Alter the statistics
• Reduce Bell inequality violation
• Be detected by Alice and Bob

---

11. Quantum States Used

E91 uses Bell states, like:

\[
|\Psi^-\rangle = \frac{1}{\sqrt{2}}(|01\rangle – |10\rangle)
\]

which have perfect anti-correlations in measurement outcomes.

---

12. Measurement Settings

Alice uses: \( A_1, A_2, A_3 \)
Bob uses: \( B_1, B_2, B_3 \)

Certain combinations are used for:

• Bell inequality tests
• Key extraction

---

13. Detecting Eavesdropping

If CHSH inequality is not violated, it means:

• Eavesdropper tampered with the entangled states
• The communication is not secure

---

14. Mathematical Framework

Expected correlations are computed as:

\[
E(a, b) = P_{++}(a, b) + P_{–}(a, b) – P_{+-}(a, b) – P_{-+}(a, b)
\]

Where \( P_{ij}(a, b) \) is the joint probability of outcomes \( i \) and \( j \).

---

15. Key Extraction Process

• Only a subset of results is used to form the key.
• Results corresponding to aligned measurement bases form the sifted key.

---

16. Classical Communication and Post-Processing

Alice and Bob:

• Share basis choices
• Estimate error rates
• Perform privacy amplification and error correction

---

17. Advantages of E91

• More secure against side-channel attacks
• Can be made device-independent
• Based on deeper quantum principles

---

18. Practical Implementations

• Photonic entanglement over fiber optics
• Free-space optical experiments
• Real-time CHSH inequality testing

---

19. Experimental Demonstrations

E91-like QKD systems have been tested over:

• Urban fiber networks
• Satellite links (e.g., Micius satellite by China)
• Long-distance entanglement distribution (>1200 km)

---

20. Limitations and Technical Challenges

• Entangled sources are complex
• Synchronization required between distant parties
• Photon loss and detector inefficiencies

---

21. Device Independence in E91

By violating Bell inequalities, E91 allows for device-independent security, reducing trust requirements in hardware.

---

22. Application in Quantum Networks

Entanglement-based protocols like E91 are foundational for:

• Quantum internet
• Entanglement swapping
• Quantum repeaters

---

23. E91 and Future Satellite QKD

E91 is ideal for space-based QKD due to:

• Long-range entanglement
• Robustness to noise
• Fundamental tests of quantum mechanics

---

24. Comparison Summary with Other Protocols

Protocol	Basis	Uses Entanglement	Device Independent
BB84	Basis choice	No	No
E91	Bell test	Yes	Yes (potentially)
B92	Simplified states	No	No

---

25. Conclusion

The E91 protocol represents a landmark in quantum communication, showing how the non-locality of entanglement can be harnessed for unbreakable cryptographic key distribution. Though more complex than BB84, its potential for device independence, long-distance QKD, and quantum internet applications make it a central pillar of future secure communications.

---