Interactive simulation of quantum key distribution protocols and application in Wi-Fi networks

Key distribution allows two parties to produce and share a random secret key, which can then be used to encrypt and decrypt messages with symmetric cryptosystems. Thus, this is often considered the most fundamental cryptographic primitive of secret communications, especially in wireless networks. While the traditional method is based on the assumption about the hardness of some mathematical problem, the quantum key distribution (QKD) involves quantum mechanical components and can be considered unconditionally secure. This paper presents an implementation of the two QKD protocols known as E91 and B92, which includes an intuitive class structure representing the different relationships between the two collaborating entities in the simulated communication. In addition, this implementation made it possible to deepen the study and comparison of both algorithms. The main details of the implementation are described here, together with some conclusions obtained from the research carried out on its functionalities, illustrated in colorful heat maps. This work also includes a preliminary analysis of the potential of the application of these QKD protocols for their hybrid application in Wi-Fi networks based on the IEEE 802.11 standard.


Introduction
In order to guarantee secure communications over open and insecure networks, such as wireless networks, the application of cryptographic protocols is absolutely necessary.In particular, the distribution of secret keys among network members is essential for securing network communications, because those shared secret keys can then be used to encrypt the communications.
In 1917, Vernam invented the so-called one-time pad encryption, which uses a random, symmetric secret key shared between sender and receiver [1].This scheme cannot be broken if both parties do not reuse their key.However, to use it, both communicating parties must have a secure channel to share a key that must be as long as the ciphertext, which is impractical with traditional methods.The problem of the key length issue has not been solved so far, but there are solutions for the establishment of a secure channel.In 1976, the well-known Diffie-Hellman algorithm was proposed to solve the problem of the secret key agreement through an insecure channel, based on the discrete logarithm problem that is classically difficult to solve [2].However, this problem is easy to solve with a quantum computer thanks to the Shor's algorithm [3].
In 1984, Bennett and Brassard proposed a solution to the key distribution problem, known as BB84 protocol, which is unconditionally secure thanks to its basis in quantum physics [4].This protocol gave rise to the concept of Quantum Key Distribution (QKD), which allows the continued use of well-known symmetric encryption algorithms such as the Advanced Encryption Standard (AES), used in all types of communications including Wi-Fi from WPA2.After BB84, other QKD protocols have been proposed, such as E91 [5] and B92 [6], whose implementation is of great interest for the study of their differences, strengths and weaknesses.Thus, this paper explains the development of the E91 and B92 protocols, as well as the study of its theoretical foundations and obtained results.
On the one hand, the E91 implementation presented here is based on a correction made on the work of the Qiskit community, which is hosted in the qiskit-community-tutorials repository [7].Some similar implementations of the E91 protocol, both software and hardware, can be found in [8][9][10].On the other hand, the implementation of the B92 protocol proposed here is a completely original work that fills a literature gap by combining the description included in the original paper with the innovative QuantumSolver library developed by the authors [11,12].The following references to previous developments [13][14][15] have also been consulted, drawing some conclusions about possible improvements that have been carried out in the implementation described in this work.
In addition, using the software architectures already built for the development of the BB84 protocol, it has been possible to provide the library with greater coherence, achieving excellent results in the simulations, which represent key support for the conception of the proposal to integrate these protocols in a hybrid solution for the security of Wi-Fi networks against the quantum threat.
Furthermore, this work can be considered avant-garde, as evidenced by the fact that The Royal Swedish Academy of Sciences decided to award the Nobel Prize in Physics 2022 to Alain Aspect, John F. Clauser and Anton Zeilinger, for experiments with entangled photons, establishing the violation of Bell inequalities and pioneering quantum information science [16].
This paper aims to perform an implementation and an in-depth study of one of the most important entanglementbased protocols, and raise its applicability in wireless networks.In addition, it also includes a comparison with another protocol, which despite not using entanglement, due to the use of non-orthogonal states, allows achieving similar results.
This document is structured as follows.Section 2 includes a description of the main theoretical aspects of the E91 protocol, some details of the developed implementation, and a graphical analysis of the obtained results.Section 3 provides the same data referring to the B92 protocol.Section 4 makes an in-depth comparison of the obtained results with both protocols.Section 5 sketches a hybrid solution based on these two QKD protocols to protect Wi-Fi networks based on the IEEE 802.11 standard from the quantum threat.Finally, Sect.6 closes the paper with some conclusions and future work.
2 Simulation of the E91 protocol

Theoretical basis
Quantum key distribution is a cryptographic protocol that involves quantum mechanics to allow two parties to produce a shared random secret key.Since in quantum mechanics, the measurement process of a quantum system generally perturbs the system, this property can be used to detect eavesdropping between two communicating users.The first QKD scheme, the well-known BB84 protocol, uses photon polarization states to transmit information.Unlike that scheme, the E91 protocol uses entangled pairs of qubits.In particular, pairs of particles are emitted towards the two legitimate users, Alice and Bob, such that the entangled qubits are generated through one of the four the Bell states: jW À i (see Eq. ( 1)).Thus, one qubit from each entangled pair is assigned to each of the two communicating users, Alice and Bob.
In the E91 protocol, three measurement bases are considered for each participant, defined by: fa ~1; a ~2; a ~3g for Alice, and fb ~1; b ~2; b ~3g for Bob.For simplicity, both vectors, a ~j and b ~j (j ¼ 1; 2; 3), lie in the x À z plane, perpendicular to the trajectory of the entangled qubits.The Bloch vector notation of each basis is shown in Fig. 1.
Fig. It is also important to emphasize that ''observable'' refers to the measurement with respect to that basis.Each participant, Alice and Bob, after receiving their assigned qubits, proceeds to measure them by randomly selecting, for each qubit, one of the three available measurement bases.The results are stored privately for each entity.The bases on which the measurements were taken are then shared, which poses no risk since the qubits have already been sent and measured.
In those cases where the measurement bases chosen by Alice and Bob have been equivalent: ða ~2=b ~1 or a ~3=b ~2Þ, it will be possible to ensure that, if there has been no eavesdropping, Alice will have obtained the bit-flipped version of Bob's result and vice versa, thanks to the use of the entanglement based on the antisymmetric Bell state jW À i. Figure 2 shows the complete bipartite graph representing all possible combinations of Alice and Bob's measurements.In accordance with this, it can be estimated that, taking the bases at random, approximately 2  9 of the qubits will be measured correctly.
For qubits measured with one of the two correct base combinations, a secret key is obtained which is known only to the legitimate participants in the communication.Furthermore, in the E91 protocol it is possible to verify the robustness of the quantum channel and demonstrate the security of that key.For this purpose, the computation of the C value of the so-called CHSH correlation must be used.CHSH stands for Clauser, Horne, Shimony and Holt, who in [17] proved certain consequences of entanglement related to quantum correlations defined by the expectation values of the products of the outcomes.Specifically, in the E91 protocol it is computed using some of the measurements that were not used for the generation of the shared secret key.
With entanglement based on the antisymmetric Bell state, as in the E91 protocol, it has been proven [18] that some incorrect combinations of bases of Alice and Bob (see Fig. 3) can be used to obtain a CHSH equal to À2 ffiffi ffi 2 p if there is no interception in the channel.For instance, considering the measurement bases a ~1=b ~1, a ~1=b ~3, a ~3=b ~1 and a ~3=b ~3, we have that: Therefore, if after running the E91 protocol, the value is obtained for each of the four possible combinations of useful bases of Alice and Bob shown in Fig. 3, then it can be assured that there has been no interception in the quantum channel.Small deviations from this value could be caused by noise in the quantum channel.However, large deviations could mean that communication is compromised.In that case, as in similar protocols, the current operation should be aborted and resumed from the beginning until a good correlation value is achieved.Once the security of the key has been verified, it can be used with any secure secret key encryption.For example, taking advantage of the fact that it is a random key, a one-time pad can be used in which the sender and receiver encrypt and decrypt binary messages using an XOR operation.This is a protocol where, unlike others, almost all transmitted qubits are used.This is so because most of the values resulting from the measurements on the incorrectly measured qubits that are not valid as part of the key, are nevertheless used to calculate a variable that indicates the security of the communication.In previous protocols, such Alice Bob co rr ec t ba si s co rr ec t ba si s Fig. 2 Qubit measurement possibilities using the E91 protocol as BB84, those qubits were completely discarded as useless.Thus, the correlation calculation in the E91 protocol allows the detection of Man-in-the-Middle attacks or the discovery of a corrupted source of interleaved pairs.Six years after the E91 protocol was first proposed, an implementation of polarization entangled photon distribution using free-space optics [19] was achieved.This was the first step towards a physical implementation of the protocol.Thus, three years after this milestone, the generation of secret keys of up to 800 bits per second was achieved, with a separation between Alice and Bob of 360 ms [20].Recently, it has been possible to generate secure keys over distance ranges between 530 and 1000 kms at a rate of 3.5 bits, using a low-Earth-orbit satellite [21].

Implementation details
The QuantumSolver library for quantum development [11], recently created and released by the authors of this paper, offers a simple solution to the difficulty of first contact with this type of technology.It manages to encapsulate quantum software in an intuitive way, facilitating possible contributions to this open source project [12].It includes two different interfaces: command line and web.Each of them is linked to a different audience profile: the first one for people more experienced in software development and computer programming, and the second one for the general public.The results produced by this tool are of great relevance since it allows the execution of the included algorithms, on real quantum hardware offered by IBM, as well as on simulators.The library was initialized with the implementation of the QKD protocol BB84 [4].
The development carried out in this work was integrated into the QuantumSolver library.To represent the participants, an intuitive hierarchy of classes was developed.On the one hand, the abstract class Participant collects common methods and data, such as the attributes of values, axes, keys, etc.On the other hand, its derived classes, Sender and Receiver, contain the specific functions of each entity.
To simulate the eavesdropping case, an Eavesdropper entity was implemented, which randomly chooses the measurement to perform (W W or Z Z) on all the qubits it intercepts.These measurements are made before the intervention of Alice and Bob, so their results will be modified in such a way that the change in the calculation of the CHSH correlation value can be detected.Thus, the more qubits the eavesdropper intercepts, the more knowledge it will have about the generated key, but at the same time it will also produce a greater deviation from the expected value of the calculated CHSH correlation.Therefore, in the implementation it has been decided to check that the computed CHSH correlation does not deviate more than 10% from the expected value (see Eq. ( 3)).
Once the eavesdropping control has been successfully passed, the Sender and Receiver entities proceed to consider the generated key as secure to be used.Thus, in the implementation, the Sender entity encrypts with a one-time pad the original message with that secret key, the transmission of the encrypted message over a classic channel is simulated, and the Receiver entity proceeds to decrypt the received message.A final additional check is made by comparing the original message with the final message obtained after decryption, expecting full equivalence between both.Thus, when running the implemented simulation, the user is prompted for a text string as the message, along with a floating number between 0 and 1 as the intercept density.The latter refers to the qubit rate that the Eavesdropper entity Eve will measure.Once the different arguments are entered, the values and axes of Eve, Alice and Bob are displayed.After this, the generated keys are displayed, the correct correlation value is checked, and the data on the mismatch between the key values of Alice and

Alice
Bob Bob are calculated, as well as the percentage of knowledge that Eve has about the two keys.If the CHSH correlation check is successful, the encryption and decryption steps described above are performed and the results are displayed.

Analysis of the results
After running the protocol several times, various heat maps have been produced to represent data obtained from the simulations.For this experimental mode, several conditions were specified.The maximum length of the message, in number of bits, defines the x-axis in the heat map, taking positive integer values in increments of 10 units from 10 to that maximum.The value of the interception density step defines the y-axis of the heat map, taking 1  step values between 0 and 1.The last parameter to specify is the number of repetitions for each generated instance of the problem.For each experiment, three color maps are generated.The examples shown Figs. 4, 5a and 5b, have been generated with the parameters of maximum message length taking the value 300, density step equal to 0.1, and 20 repetitions of each instance.
The first of these color maps is here called Security graph (see Fig. 4)).In lighter colors it shows the conditions (interception density and message length) in which there have been more occasions where the communication has been considered secure.In darker colors it indicates the communications in which more interceptions have been detected.In the simulations carried out, a tendency to obtain greater security of the protocol can be seen as the message length increases.This is so because in the executions represented on the left, the number of qubits is not sufficient to guarantee correct operation.
The second color map, here called Average correlation graph (see Fig. 5a), shows the value obtained by the average correlation for each generated scenario.In white are those cases in which it was impossible to calculate the correlation because they were messages with a lack of information in the data due to short length.It can be seen how slight variations, not too significant, lead to greater uniformity as the length of the message increases.
Finally, the Average correlation check graph (see Fig. 5b), shows whether the average correlation calculated in the previous graph meets the condition that guarantees secure communication (see Eq. ( 3)).Specifically, it is shown in blue when it is met, and in red otherwise.It is seen that when the message already has a relevant length, it remains stable, considering secure communications with approximately less than 20% of the interception density.This is because if Eve measures 20% of the transmitted qubits, it will only obtain approximately (0:2 Á 2 9 % 4:44) 5% of the information from Alice's and Bob's keys.The protocol manages to guarantee that, when this percentage of knowledge takes higher values, the communication is considered insecure, aborting its execution.
3 Simulation of the B92 protocol

Theoretical basis
One year after the publication of the E91 protocol, Charles H. Bennett defined a QKD protocol called B92 [6], without using entangled pairs, but taking advantage of nonorthogonality properties.In fact, the B92 protocol can be seen as a simplification of the BB84 protocol [4].
This protocol requires n iterations to generate a random shared secret key that is about n 4 bits in size.First, Alice randomly generates one of the two possible bit values 0 and 1, encodes it respectively with the orthogonal states j0i or jþi, and sends this qubit to Bob. Bob then performs the measurement of the received qubit exactly as in the BB84 scheme, choosing randomly between the two possible bases: computational fj0i; j1ig, or Hadamard fjþi; jÀig.The bits for the key will be those corresponding to measurement results that uniquely determine actual values sent by Alice, which are identified here as ''positive reading''.For greater clarity in the explanation of this protocol, Fig. 6 shows a graphic scheme of all possible measurement cases.
That image shows the two cases where Bob can be sure of the bit that Alice sent.On the one hand, if Bob chooses the computational measurement base and gets the j1i then he is sure that Alice sent bit 1.On the other hand, if Bob chooses the Hadamard measurement base and gets the jÀi then he is sure that Alice sent bit 0. The rest of the cases are "positive reading" 50% "positive reading" 50% "negative reading" 100% "negative reading" 100% " n e g a t i v e r e a d i n g " 5 0 % " n e g a t i v e r e a d i n g " 5 0 % Fig. 6 Measurement possibilities in qubits using the B92 protocol here called ''negative reading'' since with none of them Bob is certain about the bit sent by Alice.For that reason, those cases of ''negative reading'' are discarded.Thus, approximately 3  4 of the sent qubits will be discarded.A detailed example is shown below, contemplating all the measurement possibilities.In this case, Alice sends the random j0i state to Bob, which he can measure in two different ways: 1. Using the computational basis fj0i; j1ig: • In this case Bob gets the j0i state with 100% probability.However, this reading is ''negative'' because he cannot be sure whether Alice actually sent the j0i or because she sent the jþi state and when he made the projection it was defined to j0i (since this occurs with a 50% probability).Given this uncertainty, this state is discarded.
2. Using the Hadamard basis fjþi; jÀig: • In half of the cases, Bob will obtain jþi state.As before, he discards this value as a ''negative reading'' because it can be obtained either if Alice sent the jþi state or due to a random projection of Alice's j0i state.• In the other half of the measurements, Bob will measure the jÀi state.By getting this result, since it is a state that does not belong to the possible ones sent by Alice, Bob can be completely sure that Alice sent the qubit of a basis that is non-orthogonal to the one used by him to measure.Thus, this corresponds to a ''positive reading'' of the j0i state because there is no possibility of measuring, with respect to the Hadamard basis, the jÀi state when the state sent is its orthogonal jþi state.Therefore, the value obtained in this case is considered a bit of the key.

Implementation details
The implementation of the B92 protocol carried out in this work was also integrated into the QuantumSolver library [12].The class Participant creates an array of length n of random binary values to represent which values are transmitted by the class Sender and how they are measured by the class Receiver.
In the implementation, a 0 is added to the key only when Bob measures a jÀi, and a 1 is added only when a j1i is obtained.
After sending the n qubits, a reconciliation phase occurs in which Bob indicates to Alice which qubits have not been discarded.An advantage of this protocol is that the bases used to measure the received qubits are never revealed.
Finally, an error check is performed to verify that no interception has occurred.To do this, as in the BB84 protocol, part of the publicly generated key is shared and, if there are no discrepancies, the rest of the key can be used as a shared secret key.
In the event of a secret eavesdropping attack, every time the Eavesdropper entity Eve performs a ''negative reading'' of the received state she will not know which state to send to Bob in order to remain undetected.
The approximate probability that Eve will perform a ''positive reading'' of a sent qubit is exactly the same probability that Bob has of making a measurement that gives him one more bit of his key.This probability is shown in Eq. 4.
In order for Eve not to be detected, she must make ''negative reading'' in each qubit she reads.However, this does not depend on her, but on the intrinsic quantum randomness that in 75% of the occasions will play against her.
Otherwise, she could be easily detected.To simulate the attacker, the Eavesdropper entity was modified to perform intermediate measurements on the two possible bases.Thus, cases of ''positive reading'' are randomly generated with a probability of 25%, in which Eve knows perfectly the qubit to send, having performed a transparent reading without being detected.The cases of ''negative reading'' are generated with a probability of 75%, in which Eve does not know if she has measured in the wrong base.Even so, in these cases Bob has to measure with the opposite basis to that of Eve, i.e. the basis used by Alice, and obtain a false ''positive reading'' (25% of all Eve's erroneous measurements).An example of this case can be seen in Fig. 7.

Analysis of the results
Several simulations have been conducted to generate heat maps, which represent the data obtained from the protocol.
To perform this type of experiment, specific conditions were established in the same way as in the E91 protocol Security Graph.The heat map's horizontal axis is determined by the maximum message length, measured in bits, and ranges from 10 to the maximum value, in increments of 10.The vertical axis is determined by the interception density step, which takes values between 0 and 1 in increments of 1 step .The final parameter that must be specified is the number of times each problem instance is repeated.After each experiment, the Security Graph is created.
The heat map in Fig. 8 was generated using the following parameters: a maximum message length of 300 bits, a density step of 0.1, and 20 repetitions for each instance.Lighter colors indicate situations in which communication has been considered secure more frequently.Conversely, darker colors indicate situations where more interceptions have been detected.This color gradient is determined by both interception density and message length conditions.It can be seen how a curve tending to zero is obtained very quickly.This demonstrates the safety of the protocol even with very few qubits, since there is only an error in those cases with insignificant numbers of qubits.
For a better visualization of the curve, another graph has been generated (see Fig. 9) focusing on shorter messages with a higher number of repetitions and steps.For this, 10-bit jumps in the message length were implemented.The variables took the following values: a maximum length of 70 bits, a density step of 0.05, and 30 repetitions for each instance.

Discussion
When it comes to adopting a particular QKD protocol for an implementation, there is no absolute best solution for all situations that may arise.Therefore, several factors must be taken into account: • The expected throughput of the communication channel.• Budgetary considerations.
In Table 1   (EPR), if the Bases used for the measurement are Published (PB) and the Average number of Qubits that end up being useful to form the key (AQ).Although the characteristics of each protocol affect the number of discarded qubits, and therefore the ability to detect a possible intrusion, the difference in this regard becomes irrelevant as the number of qubits increases, corroborating the statistical robustness of the QKD protocols.
It is important to take into account the number of qubits with respect to the total, that become part of the key, to consider it as the effective bit rate capacity of each protocol.This may determine the selection of a certain algorithm depending on the expected use.For example, if an intensive use of the QKD implementation is estimated, higher throughput will be preferred.In this sense, it can be seen that the E91 protocol is the most suitable for this type of application.
Another consideration is the use of protocols with or without entanglement.On the one hand, the use of EPR gives us a contribution in security by not having to transmit the information directly through a quantum channel.On the other hand, it must be borne in mind that additional technology is required, which always involves cost and complications.Thus, for an appropriate choice it is necessary to analyze the technical capabilities that may be available.

QKD to protect Wi-Fi networks
Wi-Fi networks require adequate wireless security methods to protect against adversaries seeking to damage the confidentiality, integrity or availability of data.Chronologically, Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), Wi-Fi Protected Access II (WPA2) and Wi-Fi Protected Access 3 (WPA3) have been the security certification programs developed by the Wi-Fi Alliance to secure Wi-Fi networks so far.
The current Wi-Fi standard is WPA3 [22], mandatory from 2020 for all devices bearing the Wi-Fi CERTIFIED logo.This standard defines two different security levels: WPA3-Personal and WPA3-Enterprise.For encryption, WPA3-Personal mode mandates the use of AES-128-CCM while WPA3-Enterprise mode offers a mode to protect sensitive data with AES-256-GCM.For the secret key agreement, WPA3-Personal mode uses Simultaneous Authentication of Equals (SAE) based on the Diffie-Hellman key exchange protocol, while WPA3-Enterprise mode uses a secret key generated after IEEE 802.1X authentication based on a challenge and response-based authentication protocol between client and server with their respective public-key certificates.Thus, WPA3-Personal follows a decentralized model while WPA3-Enterprise follows a centralized one.
Given the foreseeable future availability of sufficiently powerful quantum computers, current cybersecurity products and services, such as Wi-Fi, which are based on prequantum cryptography, can no longer be considered secure.As aforementioned, the encryption used in Wi-Fi networks is AES, which is a symmetric scheme.Grover's quantum algorithm involves speeding up the exhaustive force attack against symmetric ciphers, but simply doubling the key size can effectively block that attack.Thus, AES in WPA3 does not need to be superseded for the post-quantum era.As for the encryption system, the only thing that will be needed in the WPA3-Personal and WPA3-Enterprise modes is updating the lengths of the AES encryption keys to be considered quantum resistant.In particular, this means that the WPA3-Personal mode will require AES-256 while the WPA3-Enterprise mode will require a version of AES with keys of 512 bits.
Unlike the above, the key agreement schemes used in both modes will need to be replaced or complemented because both cases use public-key cryptography based on discrete logarithm or factorization problems, which can be broken with the quantum Shor's algorithm.
Thus, this work outlines a hybrid solution to protect WPA3 networks against the quantum threat based on the two previously discussed QKD protocols E91 and B92.For one, the decentralized SAE-based key agreement used in WPA3-Personal could be replaced or supplemented with the B92 QKD protocol.For the other, the centralized IEEE 802.1X-based key agreement used in WPA3-Enterprise could be replaced or supplemented with the E91 QKD protocol.A preliminary study of a prototype implementation of both cases is currently underway.For the time being, a main program has been developed with an interactive menu, which prompts the user for the desired security level of a WPA3 network: Personal or Enterprise.
In this way, the QKD algorithm to be executed and the length of the key to be generated will be defined.On the one hand, if the user chooses WPA3-Personal mode, a secure shared random binary key of length 128 will be generated using B92.On the other hand, if the WPA3-Enterprise mode is selected, a key of length 192 will be obtained through the E91 protocol.In Figs. 10 and 11 the execution outputs can be seen, demonstrating the correct operation of the experiments carried out by means of the described development.The proposal described above allows generating keys for Wi-Fi networks, which are secure against the quantum threat.In that way, the security of WPA3 networks will no longer depend on the fact that certain problems are intrinsically difficult to solve in a practical time.Instead, the model relies on shielding the system through the fundamental laws underlying quantum mechanics.

Conclusion
This paper presents a software implementation of the E91 and B92 QKD protocols using IBM Qiskit framework.This implementation takes advantage of the intuitive class structure to represent the different relationships between the two collaborating entities in the simulated communication of the QKD protocols.Besides, it extends the QuantumSolver toolset developed by the authors,  producing interesting results that allow confirming the theoretical framework through various heat maps.This work also includes a preliminary analysis of the potential of the application of these two QKD protocols for their hybrid application in Wi-Fi networks based on the IEEE 802.11 standard.Likewise, an implementation prototype is presented here in which the user can choose between both modes of WPA3: Personal or Enterprise, so that the most appropriate QKD protocol is applied in each case to generate the shared secret key for AES encryption.The findings with the prototype of the B92 and E91 simulations as key agreement protocols embedded, respectively, in the WPA3-Personal and WPA3-Enterprise modes are expected to lead to implementation improvements in the future.

Fig. 3
Fig.3Useful measurements (in black) for eavesdropping detection in E91

Fig. 4
Fig. 4 Security graph generated in experimental mode of E91 implementation

Fig. 5
Fig. 5 Heat maps generated in experimental mode of E91 implementation

r r e c t b a s i s 2 5 %Fig. 7 Fig. 8 Fig. 9
Fig. 7 Example of eavesdropping attack in the B92 protocol

Fig. 10
Fig. 10 Main menu of the QKD prototype and execution for WPA3-Personal

1
Bases used in the E91 protocol represented on the Bloch sphere a comparison of the general characteristics of the protocols included in this work can be seen.It shows the Number of Bases used (NB), if it uses entanglement

Table 1
Comparison of QKD protocols