What is BB84

Previously, we collected three quantum rules like ingredients. Today, we bake them into BB84: a protocol that turns photons into a shared secret key and turns Steve into a measurable error rate.

 

How does QKD work?

You use light. Photons don’t like to stand still. They’re always either wiggling about on the floor or jumping up and down - horizontally or vertically polarised, if you will. If you call the horizontal ones ‘0’ and the vertical ones ‘1’, you can use a sequence of photons to encode bits - and what is a key, if not a string of 1’s and 0’s?

 

If you simply sent those photons to Bertha, she could measure their polarisations and end up with your bitstring. Unfortunately, Steve could also intercept them and do the same, which is not the vibe.

 

Except that polarisation is a quantum mechanical beast. Photons can be in superpositions - wiggling and jumping around like a toddler throwing a tantrum. So how do you use that to scupper Steve?

 

Step 1: you choose bits and bases

You generate two random strings:

1. a random string of bits (0’s and 1’s), and 

2. a random string of bases, using ‘+’ and ‘×’.

 

If your basis is ‘+’, you prepare the photon in the rectilinear basis (horizontal or vertical). If your basis is ‘×’, you rotate your emitter by 45 degrees and prepare the photon in the diagonal basis (call them ‘/’ and ‘’ if you like). Either way, you send one photon per bit down an optical fibre towards Bertha.

At this point, Steve is already sweating, because half your photons are in states that only make sense when measured in the right basis.

 

Step 2: Bertha measures, also choosing bases at random

Bertha does not know your bases. So she picks her own bases at random, for each photon, and measures accordingly:

• If she measures in ‘+’ and gets horizontal, she records a 0; vertical, a 1.
• If she measures in ‘×’ and gets ‘/’, she records a 0; ‘’, a 1.

Now Bertha has a string of bits… but it won’t perfectly match yours, because she sometimes measured in the ‘wrong’ basis.

 

Step 3: sifting - publicly announce bases, keep only matches

Now you and Bertha do something that feels illegal but isn’t: you announce your bases publicly over a normal classical channel.

 

Not your bits. Just your bases.

 

Then you keep only the positions where your bases matched (both ‘+’ or both ‘×’). Those surviving bits form the sifted key. In the ideal world, your sifted keys match perfectly.

 

And yes, you can do the basis announcement publicly after the photons have been sent, because bases without the corresponding quantum states are not very helpful to Steve. It’s a menu without a cake. A map without a treasure. A Bertha without a t-shirt.

 

(One caveat: you and Bertha need a way to authenticate that you’re really talking to each other — otherwise Steve can stand in the middle wearing a convincing Bertha wig.)

 

Step 4: catch Steve — estimate the error rate (QBER)

Now we deal with Steve. Steve cannot observe unknown quantum states without sometimes disturbing them, and he cannot reliably guess which basis you used for any given photon.

 

If Steve tries the classic intercept–measure–resend routine, he has to pick a basis to measure in. Half the time, he’ll pick the wrong one. When that happens, he collapses the photon into a state that is (from your perspective) basically random relative to the correct basis. Then he resends his best guess to Bertha, who (when she measures in the correct basis) will sometimes get a different bit from the one you originally sent.

 

You and Bertha detect this by sacrificing a random subset of sifted bits:

• you publicly reveal those sample bits,
• you compute the fraction that disagree,
• and that gives you an estimate of the Quantum Bit Error Rate (QBER).

 

If the error rate is too high, you abort. Steve has been rummaging.

 

Sidebar: why ‘too high’ and not ‘any error at all’?

Real systems have noise: imperfect sources, lossy fibres, detector dark counts, alignment drift, and the universe’s general tendency towards chaos. So you tolerate a small QBER. The security proofs tell you how much you can tolerate before Steve could, in principle, know too much.

 

Step 5: the boring-but-essential finishing moves

If the QBER is acceptably low, you still aren’t done - because even a low error rate means your strings might not match perfectly, and even a tiny amount of information leakage (from noise or partial eavesdropping) needs to be cleaned up.

 

So you do two classical post-processing steps:

 

1. Error correction (a.k.a. information reconciliation): 

You and Bertha exchange carefully designed parity information to correct any remaining mismatches without revealing the entire key. Done properly, you end up with identical strings.

 

2. Privacy amplification: 

You compress the reconciled key with a hash function into a shorter key. This ‘squashes out’ any sliver of information Steve might have managed to learn. The result is a shorter key that is, for all practical purposes and with the right maths, secret.

 

And that is the key you actually use.

 

Step 6: use the key to encrypt actual messages

Now you take your shiny new shared secret key and use it with a symmetric encryption scheme (or, if you’re feeling dramatic and your key is long enough, a one-time pad) to encrypt your scandalous secret. You send the ciphertext to Bertha. She decrypts it. She gasps. You pretend you can’t see her reaction through the office window.

 

If, at any stage, the QBER looks wrong, you throw the key away and try again. Steve can be many things, but in QKD he cannot be sneaky.

 

Next time: Aunt Carol gets involved. Instead of you preparing photons, an entangled source sends pairs to you and Bertha — and you check whether the universe is still doing its spooky correlation thing. If it isn’t, Steve has been at it again.

 

For more information, please contact Tom Mahon. 

 

This briefing is for general information purposes only and should not be used as a substitute for legal advice relating to your particular circumstances. We can discuss specific issues and facts on an individual basis. Please note that the law may have changed since the day this was first published in May 2026.