Security of quantum cryptography against individual attacks

An attempt to eavesdrop on a quantum cryptographic channel reveals itself through errors it inevitably introduces into the transmission. We investigate the relationship between the induced error rate and the maximum amount of information the eavesdropper can extract, in both the two-state B92 [B92 refers to the work of C. H. Bennett, Phys. Rev. Lett. 68, 3121 (1992)] and the four-state BB84 [BB84 refers to the work of C. H. Bennett and G. Brassard, in Proceedings of the IEEE International Conference on Computers, Systems, and Signal Processing, Bangalore, India (IEEE, New York, 1984), pp. 175–179] quantum cryptographic protocols. In each case, the optimal eavesdropping method that on average yields the most information for a given error rate is explicitly constructed. Analysis is limited to eavesdropping strategies where each bit of the quantum transmission is attacked individually and independently from other bits. Subject to this restriction, however, we believe that all attacks not forbidden by physical laws are covered. Unlike previous work, the eavesdropper’s advantage is measured in terms of Renyi (rather than Shannon) information, and with respect only to bits received error-free by Bob (rather than all bits). This alters both the maximum extractable information and the optimal eavesdropping attack. The result can be used directly at the privacy amplification stage of the protocol to accomplish secure communication over a noisy channel.