Stop Conditions Of BB84 Protocol Via A Depolarizing Channel (Quantum Cryptography)

BB84 (Bennett and Brassard 1984) is one of the well-known quantum key distribution protocols. It is built to allow two interlocutors, commonly called Alice and Bob, to share two similar binary keys and to detect the presence of an eavesdropper (commonly called Eve). However, Eve's presence in a disturbed environment causes errors in the sifted keys and decreases the amount of secure information between Alice and Bob. One of the most important stages of the BB84 protocol is to decide, using an estimate of the error probability, whether or not to continue with the protocol phases. This decision is a function of several factors: how much information will be lost in the error correction phase? What degree of errors is detected in the sifted keys? What is the origin of these errors: Eve's strategy or the channel disturbance? For these reasons, this study examines some conditions for stopping the BB84 protocol in the context of a depolarizing channel. We implement two types of eavesdropping strategy: Intercept and Resend, and Cloning Attack.


INTRODUCTION
It is known that the security of symmetric cryptography is mathematically proven [1]: Eve cannot obtain information about a message transmitted by Alice to Bob if they use two common random binary keys of the same length as the message. Having unique keys for each message is impossible; transmission supports and techniques do not allow it. Quantum cryptography, or Quantum Key Distribution (QKD), is a new field of cryptography specialized in resolving this problem of sharing keys between the two interlocutors [2]. Since 1984, more and more protocols have been implemented, beginning with BB84 [1,3] and arriving at SARG04 (Scarani-Acin-Ribordy-Gisin 2004) [4]. Note that BB84 and SARG04 do not differ in the quantum phase, which is the subject of our study. It also approaches the experimental results presented in article [4] with multiple attacks. Moreover, security research is clearly oriented toward experimental reality, which cannot anticipate future problems. Technological developments will give Eve more and more efficient procedures that cannot be realized at present. Theoretical models are therefore necessary to estimate future security problems. For example, the cloning attack cannot be implemented experimentally with current technology, but its optimality obliges researchers to consider it in models as a forecast of future Eve strategies [5,6]. For these reasons, beginning with security notions, our contribution consists of giving some criteria for stopping or continuing the BB84 (or SARG04) protocol. We model the error sources as Eve's presence and a depolarizing channel, the equivalent of the Binary Symmetric Channel in classical terms [7]. This study is divided into four parts: the first gives a necessary detailed description of our error source models.
The second and third parts provide the stop conditions and criteria of the BB84 protocol after the quantum communication: we begin with Intercept and Resend, which is widespread in use, and finish with the cloning attack, whose danger comes from its optimality. We end with a comparative discussion of the various eavesdropping techniques and an efficiency study based on knowledge of the depolarizing parameter.

Error sources modelling:
Like any other quantum cryptography protocol, BB84 is based on two principal phases: a quantum phase over a one-way physical quantum channel and a public phase over an authenticated two-way ideal classical channel [8,9]. The notion of channel changes according to the point of view of the study [10]. In this article we use the term "channel" without an adjective for all the imperfections that lead to the sifted keys (the binary sequences obtained after the public discussion of basis compatibility). Consequently, it includes the eavesdropping strategy used and the physical quantum channel (sources, detectors, optical fibers…). As the physical channel model we chose the depolarizing channel, which is mathematically considered as a unitary operator $T_p$ [7]. The depolarizing channel leaves a qubit ψ intact with probability (1-p) or applies one of the Pauli matrices $\sigma_i$ (≠ identity matrix) with probability p/3 for each one; p is called the depolarizing parameter.
Another error source that we must consider is the presence of an eavesdropper. Considering that the effects of the eavesdropper and of the depolarizing channel are independent, a state sent by Alice can follow one of two transmission paths (Fig.1) with respective probabilities (1-q) and q. Considering only the depolarizing channel effect (without Eve's presence), we show in other work that the error probability $P_e$ is equal to 2p/3 [11].

Stop conditions (Intercept and resend eavesdropping case):
Intercept and Resend is the best-known eavesdropping strategy that can be implemented with current technology [5]. In explanatory terms: Eve takes Bob's place by measuring some qubits in randomly chosen bases, and each result is sent on to Bob without any change. After Alice and Bob's public discussion of their measurement basis choices (to eliminate incompatible ones), Eve, observing over the authenticated public channel the two interlocutors' decisions for building the sifted keys, constructs her own key by leaving out the bits that correspond to incompatible measurements between Alice and Bob. For this eavesdropping strategy we define the probability s that a qubit sent by Alice to Bob is eavesdropped. If we consider only Eve's effect, we can prove that the error probability is equal to s/4 [12]. Thus, our analysis model (Fig.1) can be transformed into another form (Fig.2). By computing the conditional probabilities (equations 2 and 3) between Alice and Bob, we show that they are independent of q and that the error probability is given by
Immediately, the average mutual information between Alice and Bob is obtained by using this equation:
Moreover, to compute the average mutual information between Alice and Eve we use a model analogous to that given in Fig.2 (Fig.3). Conditional probabilities between Alice and Eve are with q = ½:
Note: q is not valid for s = 0.
Thus, the average mutual information between Alice and Eve is computed:

$$I_{AB} = \begin{cases} p(0/0)\log_2\big(2p(0/0)\big) + p(1/0)\log_2\big(2p(1/0)\big) & \text{for } s \neq 0 \\ 0 & \text{for } s = 0 \end{cases} \qquad (8)$$

An important parameter for studying the security of a quantum cryptography protocol is the secure information (or secret information), given by this equation [5]:
Like the error probability, this parameter can be plotted as a function of the depolarizing parameter p and the eavesdropping probability s. We can define a threshold of secure information ε below which the BB84 protocol must be stopped. But the only parameter that the two interlocutors can easily obtain is the error probability. Alice and Bob can choose random bits, which are compared by public discussion and thus give an error rate (an estimate of the error probability). It should be noted that the bits used to estimate this probability must be eliminated in order to avoid increasing the Alice-Eve average mutual information [1,2]. We represent in Fig.4 the secure information as a function of the error probability for different p and s values.

Fig.4: Secure information as function of error probability (for Intercept and Resend eavesdropping). [Figure not reproduced. Axes: error probability, secure information; curve annotations: p increases from 0 to 1, s increases from 0 to 1.]

If the two interlocutors choose a decision threshold of secure information ε below which they stop the protocol, they choose in other terms a decision threshold of error probability $P_{emax}$, a limit on the error probability tolerated between Alice and Bob. Note that if we do not have an estimate of the channel's p-value we can work with p = 0. For this condition, some thresholds are presented in Table 1.

In order to have an efficient protocol, ε must lie between two values: a minimum value $\varepsilon_{min}$ and a maximum value $\varepsilon_{max}$. If we choose ε outside this range, the protocol will be automatically stopped (efficiency problem). These limit values are functions of the depolarizing parameter (Fig.5).
As can be seen, we can consider $\varepsilon_{max}$ as the secure information for s = 0 and $\varepsilon_{min}$ as the secure information for s = 1. It should be noted that $\varepsilon_{min}$ ≥ 0; for this reason $\varepsilon_{min}$ = 0  p (Table 2).
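
The two single-source error probabilities quoted above (2p/3 for the depolarizing channel alone, s/4 for Intercept and Resend alone) and the error-rate stop decision can be checked with a small simulation. This is an added example, not code from the paper: it tracks each BB84 state as a (basis, bit) pair, and the function names, the seed, the threshold value and the reading of q as "Eve acts after the channel rather than before it" are assumptions, since Fig.1 and Table 1 are not reproduced on the page.

```python
import random

# Pauli errors that flip the bit carried by a BB84 state, per preparation basis.
FLIPS = {"Z": {"X", "Y"}, "X": {"Z", "Y"}}

def depolarize(state, p, rng):
    """Leave the state intact with probability 1-p, else apply X, Y or Z (p/3 each)."""
    basis, bit = state
    if rng.random() < p and rng.choice("XYZ") in FLIPS[basis]:
        bit ^= 1
    return basis, bit

def measure(state, basis, rng):
    """Same basis: the stored bit. Other basis: a uniformly random bit."""
    bit = state[1] if state[0] == basis else rng.randrange(2)
    return (basis, bit), bit  # (post-measurement state, outcome)

def sifted_error_rate(n, p, s, q=0.5, seed=1):
    """Error rate of the sifted key for n qubits, depolarizing parameter p and
    eavesdropping probability s. Assumption: q is the probability that Eve
    acts after the channel instead of before it."""
    rng = random.Random(seed)  # fixed seed: constructed, reproducible run
    errors = kept = 0
    for _ in range(n):
        a_basis, a_bit = rng.choice("ZX"), rng.randrange(2)
        state = (a_basis, a_bit)
        eve, eve_after = rng.random() < s, rng.random() < q
        if eve and not eve_after:  # intercept, measure, resend
            state, _ = measure(state, rng.choice("ZX"), rng)
        state = depolarize(state, p, rng)
        if eve and eve_after:
            state, _ = measure(state, rng.choice("ZX"), rng)
        b_basis = rng.choice("ZX")
        _, b_bit = measure(state, b_basis, rng)
        if b_basis == a_basis:  # sifting: keep compatible bases only
            kept += 1
            errors += a_bit != b_bit
    return errors / kept

def should_stop(error_rate, pe_max):
    """Stop the protocol when the estimated error rate exceeds P_emax."""
    return error_rate > pe_max

if __name__ == "__main__":
    PE_MAX = 0.10  # constructed threshold, not a value from the paper's Table 1
    for p, s in [(0.0, 0.0), (0.3, 0.0), (0.0, 1.0), (0.06, 0.1)]:
        rate = sifted_error_rate(200_000, p, s)
        print(f"p={p} s={s} error rate={rate:.3f} stop={should_stop(rate, PE_MAX)}")
```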

Stop conditions (cloning attack case):
Cloning attack eavesdropping is an optimal attack. Its optimality comes from the fact that this strategy yields the minimum of secure information compared with the others. In explanatory terms: Eve uses a unitary operator U called the cloning transform. This operator can approximate the act of cloning, which is impossible in quantum theory (no-cloning theorem) [5]:
The symbols $H_A$ and $H_E$ denote respectively the state spaces of Alice and Eve. Note also that this operator is defined in the y-base (diagonal base). If ψ is the ket sent by Alice, Eve applies the unitary operator U and sends only the qubit concerned by Alice [12]. She stores her qubit and decides to measure it after the public discussion between the two interlocutors about the compatibility of their bases. So, if we consider only Eve's effect, we can prove that the error probability is equal to (1-cosθ)/2. Thus, our analysis model (Fig.1) can be transformed into another form (Fig.6).
By computing the conditional probabilities (equations 11 and 12) between Alice and Bob, we show that they are independent of q and that the error probability is given by equation 13. Immediately, the information between Alice and Bob is obtained by using equation 5. Moreover, to compute the information between Alice and Eve we use a model analogous to that given in Fig.2 (Fig.7). Conditional probabilities between Alice and Eve are with q = ½: (15)
Note: q is not valid for s = 0.
Thus, the information between Alice and Eve is also computed by using equation 8. In addition, we determine the secure information immediately. This parameter can be plotted as a function of the depolarizing parameter p and the attack force θ. We can also define a threshold of secure information (and obviously of error probability) ε below which the BB84 protocol must be stopped. We represent in Fig.7 the secure information as a function of the error probability for different p and θ values. Note also that if we do not have an estimate of the channel's p-value we can work with p = 0. For this condition, some thresholds are presented in Table 3.

Similarly, and for protocol efficiency, ε must lie between two values: $\varepsilon_{min}$ and $\varepsilon_{max}$ (Fig.9).