Quantum Money and Quantum Key Distribution

This note is part of [[quantum/Practical Quantum Information System]]. > [!info] Course code > Use the companion repository for this lecture's runnable lab, helper functions, and regression checks: > - [notebooks/by_concept/quantum_money_and_quantum_key_distribution.ipynb](https://github.com/montekkundan/quantum-code/blob/main/notebooks/by_concept/quantum_money_and_quantum_key_distribution.ipynb) > - [qcourse/protocols.py](https://github.com/montekkundan/quantum-code/blob/main/qcourse/protocols.py) > - [tests/test_protocols_algorithms_qec.py](https://github.com/montekkundan/quantum-code/blob/main/tests/test_protocols_algorithms_qec.py) [TODO: add video - Quantum Money and Quantum Key Distribution] ## What This Concept Is One of the most satisfying moments in quantum information is when a foundational limitation turns into an applied advantage. Quantum money and quantum key distribution do exactly that. They take facts like no-cloning and measurement disturbance and convert them into protocol-level security features. Wiesner's quantum money is historically important because it shows how unknown quantum states can behave like unclonable tokens. BB84 quantum key distribution then turns similar ideas into a communication protocol where eavesdropping leaves a detectable statistical trace. ## Foundation Terms You Need First The [[quantum/Glossary#No-cloning theorem|no-cloning theorem]] says unknown states cannot be perfectly copied. A [[quantum/Glossary#Qubit|qubit]] prepared in one basis does not generally reveal a stable answer when measured in an incompatible basis. A security protocol such as BB84 relies on that incompatibility rather than on computational hardness. The important perspective is that these protocols are not secure because the math is inconvenient for an attacker. They are secure because the physics itself limits what an attacker can do invisibly. ## How The Idea Actually Works In Wiesner-style quantum money, a bank can encode information into quantum states chosen from incompatible bases. Someone trying to verify or copy the token without the preparation information faces a problem: measuring in the wrong basis disturbs the state, and copying is not available as an escape hatch. BB84 uses a closely related idea. Alice prepares qubits in one of two conjugate bases. Bob measures in randomly chosen bases. Later they compare basis choices publicly and keep only the events where the bases matched. That sifted subset can become a key because an eavesdropper who guessed bases incorrectly would have introduced an elevated disagreement rate. What makes this beautiful pedagogically is that the security signal is statistical and physical at the same time. Eve does not need to be stupid or computationally weak. She just cannot extract basis-dependent information from unknown states without risking disturbance that Alice and Bob can detect. This note is also a good reminder that quantum protocols are usually hybrid. The interesting resource is quantum, but the full workflow includes classical basis reconciliation, error checking, and post-processing. ## Why It Matters - It shows how a physics limitation becomes an information-processing advantage. - It connects early foundational ideas directly to real communication protocols. - It gives you one of the first places where "quantum" means more than faster computation. ## Study Checks Use these after the explanation, not before it. ### Quick Checks - What is the basic BB84 eavesdropping signal under intercept-resend? **Answer:** An elevated error rate in the sifted key, typically 25 percent for the simplest intercept-resend attack. ## Practical Lab Run BB84 end to end so the security claim comes from changed statistics rather than from the protocol name. - Implement random basis preparation, random basis measurement, and key sifting. - Add an intercept-resend eavesdropper and compare the observed disagreement rate against the honest run. - Summarize exactly which measurements signal the presence of Eve and which steps are purely classical post-processing. ## Homework Connect no-cloning, disturbance, and protocol behavior clearly. - Explain why BB84 can detect eavesdropping even if Eve is computationally powerful. - Describe Wiesner quantum money in one concise paragraph. - Use your lab data to explain why the intercept-resend attack increases the disagreement rate. ## Additional Study Notes Wiesner-style private-key quantum money is not factoring-based. The security intuition comes from unknown states in incompatible bases, measurement disturbance, and no-cloning. The point is not that the state has an exponentially long classical description. The point is that a counterfeiter cannot perfectly learn or copy the bank's secret basis choices. For the quantum one-time pad, remember the two-bit lesson first. A single $X$ mask is not enough because $|+\rangle$ and $|-\rangle$ are eigenstates of $X$. Using both $X$ and $Z$ masks fixes this: averaging uniformly over the four Pauli masks sends every one-qubit input density matrix to $I/2$, so Eve's measurement statistics are independent of the original qubit. For $n$ qubits, the same idea becomes an average over all tensor-product Pauli masks. Uniformly averaging over all $X$ and $Z$ choices gives the maximally mixed state $I/2^n$, even when the original $n$-qubit state is entangled internally. A useful proof exercise is to show why one shared secret bit cannot perfectly encrypt an arbitrary qubit. With only two possible unitaries $U_0$ and $U_1$, perfect secrecy would require the average of $U_0|\psi\rangle$ and $U_1|\psi\rangle$ to be $I/2$ for every input. That would force $U_0|\psi\rangle$ and $U_1|\psi\rangle$ to be orthogonal for every $|\psi\rangle$. Equivalently, $\langle\psi|U_0^\dagger U_1|\psi\rangle=0$ for every $|\psi\rangle$, which is impossible because the unitary $U_0^\dagger U_1$ has an eigenvector with a nonzero eigenvalue. ## References - Scott Aaronson, [Introduction to Quantum Information Science](https://www.scottaaronson.com/qclec.pdf), Lectures 7 and 8. - IBM Quantum Learning, [learning portal](https://quantum.cloud.ibm.com/learning/en). - Microsoft Learn, [Azure Quantum documentation](https://learn.microsoft.com/en-us/azure/quantum/).