SECURITY OF QUANTUM CRYPTOGRAPHY AGAINST INDIVIDUAL ATTACKS

An attempt to eavesdrop on a quantum cryptographic channel reveals its elf through errors it inevitably introduces into the transmission. We investigate the relationship between the induced error rate and the ma ximum amount of information the eavesdropper can extract, in both the two-state B92 [B92 refers to the work of C. H. Bennett, Phys. Rev. Let t. 68, 3121 (1992)] and the four-state BB84 [BB84 refers to the work o f C. Ii. Bennett and G. Brassard, in Proceedings of the IEEE Internati onal Conference on Computers, Systems, and Signal Processing, Bangalor e, India (IEE, New York, 1984), pp. 175-179] quantum cryptographic pro tocols. In each case, the optimal eavesdropping method that on average yields the most information for a given error rate is explicitly cons tructed. Analysis is limited to eavesdropping strategies where each bi t of the quantum transmission is attacked individually and independent ly from other bits. Subject to this restriction, however, we believe t hat all attacks not forbidden by physical laws are covered. Unlike pre vious work, the eavesdropper's advantage is measured in terms of Renyi (rather than Shannon) information, and with respect only to bits rece ived error-free by Bob (rather than all bits). This alters both the ma ximum extractable information and the optimal eavesdropping attack. Th e result can be used directly at the privacy amplification stage of th e protocol to accomplish secure communication over a noisy channel.