Quantum Key Distribution with Classical Bob

Secure key distribution among two remote parties is impossible when both are classical, unless some unproven computation-complexity assumptions are made, such as the difficulty of factorizing large numbers. On the other hand, a secure key distribution is possible when both parties are quantum. What is possible when only one party (Alice) is quantum, yet the other (Bob) has only classical capabilities? We present a protocol with this constraint and prove its robustness against attacks: we prove that any attempt of an adversary to obtain information necessarily induces some errors that the legitimate users could notice.

Figure 1

(a) Eve’s maximum (over all attacks) information on the info string vs the allowed disturbance on the bits tested by Alice and Bob, in a completely robust (solid line), partly robust (dashed line), and completely nonrobust (densely dotted line) protocol. (b) Robustness should not be confused with security; Eve’s maximum information on the final key vs allowed disturbance in a secure protocol; such a protocol could be completely or partly robust.