BB84 is the classic introductory protocol for quantum key distribution. Its goal is to let two parties, traditionally called Alice and Bob, create a shared secret key while making eavesdropping detectable. The protocol uses single photons prepared in different polarization bases. In this calculator, the two bases are the rectilinear basis and the diagonal basis. The central idea is simple: if a photon is measured in the wrong basis, the result is fundamentally uncertain, and that disturbance can reveal an eavesdropper.
Alice begins with a random bit string. For each bit, she also chooses a random basis:
the rectilinear basis, often denoted \(Z\), or the diagonal basis, often denoted \(X\).
She then encodes each bit into a polarized photon. Bob, not knowing Alice’s basis choices, also chooses a random basis for each incoming photon and measures it.
After the transmission, Alice and Bob publicly compare only their basis choices, not their actual bit values. They keep only the positions where their bases match. This subset is called the sifted key. Because each side chooses between two bases at random, the probability of a basis match is about one half, so the expected sifted key length is approximately
\[
L_{\text{sift}} \approx \frac{N}{2},
\]
where \(N\) is the total number of transmitted photons. For the sample input of eight bits, the expected sifted key length is therefore about four bits, which matches the prompt’s sample output.
In the ideal no-noise case, if there is no eavesdropper, then Bob’s bits should agree perfectly with Alice’s on the sifted positions. That means the quantum bit error rate, usually abbreviated QBER, is
\[
Q = \frac{\text{number of sifted-bit errors}}{\text{sifted key length}} \approx 0.
\]
Now consider Eve performing an intercept-resend attack. She measures each photon in a random basis of her own and then resends a new photon to Bob based on her result. If Eve chooses the wrong basis, she disturbs the encoded state. That disturbance does not always show up, but when Alice and Bob later compare a sample of the sifted key, it creates an error rate. For ideal intercept-resend eavesdropping, the expected error rate on the sifted key is
\[
Q \approx 25\%.
\]
This is the signature that BB84 uses to detect interference.
To check for eavesdropping, Alice and Bob publicly reveal a subset of their sifted bits. Suppose they compare \(m\) sifted bits. In the ideal intercept-resend model, each checked sifted bit avoids revealing Eve only with probability \(3/4\). Therefore the probability of detecting Eve after checking \(m\) sifted bits is
\[
P_{\text{det}} = 1 - \left(\frac{3}{4}\right)^m.
\]
This formula is one of the most useful summary results for BB84. It shows that the chance of catching an eavesdropper grows rapidly as more sifted bits are compared.
The calculator simulates one explicit BB84 run. That means it shows the actual randomly chosen bases, the resulting sifted positions, the observed QBER, and the detected or undetected status of the revealed sample. Since the run is random, the exact sifted length and exact error pattern vary from one simulation to another, even though the average behavior follows the theoretical expectations.
At a more advanced university level, one studies realistic detector noise, finite-key statistics, privacy amplification, error correction, photon-number splitting, and decoy-state protocols. Those refinements matter in real quantum cryptography systems. This calculator deliberately stays with the idealized BB84 picture so that the logic of basis mismatch, disturbance, and detection remains clear.
\[
L_{\text{sift}} \approx \frac{N}{2},
\qquad
Q = \frac{E}{L_{\text{sift}}},
\qquad
P_{\text{det}} = 1-\left(\frac{3}{4}\right)^m.
\]
These relations summarize the essential BB84 ideas: random basis choice reduces the raw key to a sifted key, eavesdropping creates errors, and publicly checking part of the sifted key lets Alice and Bob detect that disturbance.
