Variations of QKD Protocols Based on Conventional System Measurements: A Literature Review

Abstract

Cryptography is an unexpected revolution in information security in the recent decades, where remarkable improvements have been created to provide confidentiality and integrity. Quantum cryptography is one such improvement that has grown rapidly since the first announced protocol. Quantum cryptography contains substantial elements that must be addressed to ensure secure communication between legitimate parties. Quantum key distribution (QKD), a technique for creating a secret key, is one of the most interesting areas in quantum cryptography. This paper reviews some well-known quantum key distribution techniques that have been demonstrated in the past three decades. Furthermore, this paper discusses the process of creating a secret key using quantum mechanics and cryptography methods. Moreover, it explains the relationships between many basic aspects of QKD protocols and suggests some improvements in the cryptosystem. An accurate quantitative comparison between the QKD protocols is presented, especially the runtime execution for each QKD protocol. In addition, the paper will demonstrate a general model of each considered QKD protocol based on security principles.

1. Introduction

For several years, cryptographers have experimented with encryption/decryption techniques to create effective and robust methods to secure communications between two or more legitimate entities. The first known method is conventional (classical) cryptography, which involves sharing a message between two legitimate parties through insecure channels (for example, the Internet). The shared message (plaintext) should be sent from Alice (the sender) to Bob (the receiver) without the intervention by Eve (an eavesdropper). To prevent impersonation and listening, both Alice and Bob are supposed to send an X encrypted plaintext. Alice encrypts the plaintext X to become ciphertext C. On the other hand, Bob decrypts the ciphertext C to reveal the original plaintext X. The two legitimate participants use a shared code (secret key) to produce a ciphertext C [1]. For a long time, various algorithms have been used in the cryptosystem, and Caesar Cipher is one of them. Later, several cryptographic algorithms were introduced based on the large amount of data used by the Internet. RSA [2] and Diffie-Hellman [3] are the two most popular classical algorithms used in today’s cryptographic systems.

Due to the huge amount of data that is shared over the Internet, classical cryptography may not provide sufficient protection. Hence, scientists are seeking a more reliable system based on the law of physics. A quantum system is the next solution for cryptography, where quantum cryptography is empowered by quantum mechanics. The power of quantum cryptography was initially introduced by Wiesner and Bennett in 1979 [4,5]. Quantum cryptography applies theories of physics to produce a secret key that can be shared by communicating parties. Moreover, sharing a secret key usually contains a random string of qubits (quantum bits) between the two entities. The encryption/decryption of plaintext X are processed using a quantum system [6]. This quantum system operates based on the principles of physics and generates a secret key that is shared between communicating parties. These parties can communicate over insecure (public) channels to confirm the uncovered qubits (sifting phase). Therefore, Quantum Key Distribution (QKD) provides a secret key generator that can be guaranteed by the law of physics. Generally, QKD protocol consists of two approaches to deal with a string of qubits: the first approach is a Discrete Variable (DV), which is coded in the quantum state of a single photon, and the binary data should be measured using a single photon detector, while the second approach contains a Continuous Variable (CV), which is encoded on coherent states of weak pulses of light. Continuous data values are measured using homodyne detection methods [7], where CV systems should offer advantages over traditional DV systems. These advantages could be reflected in a higher secret key exchange rate for short distances, lower cost, or compatibility with telecommunication technologies.

Although quantum computers are light years away from today’s technology, current cryptologists are exploring the impacts of this future technology, especially by breaking the current cryptosystem, which is based on prime factors of large numbers, such as ECC and RSA. Moreover, these impacts are a threat to cryptography elements such as confidentiality, data integrity, and authentication (digital signature). Consequently, breaking public-key cryptography requires a quantum computer that is supposed to be at least ($\approx 2000 \mathrm{qubits}$). Therefore, this quantum computer would break a prime factor of a great number in milliseconds. Usually, breaking an RSA encryption using an existing classical system (even power computers) would take hundreds of years [8].

This paper highlights the mechanisms and processes that are used to produce a secret key in quantum system using QKD protocols such as the BB84 protocol, SARG04 protocol, B92 protocol, Coherent-One-Way (COW) protocol, KMB09 protocol, EPR protocol, S09 protocol, Differential-Phase-Shift (DPS) protocol, and S13 protocol. Although many interesting QKD protocols have been announced in the quantum cryptography world, these QKD protocols determine the most applicable and well-known protocols.

2. Literature Review

In 1984, Bennett and Brassard invented the first quantum key distribution protocol, which became the first step toward quantum cryptography [9,10]. Many recent QKD protocols have been designed based on Bennett and Brassard’s algorithms, particularly the quantum channel. A quantum key distribution protocol has been adopted to generate a shared key using quantum mechanics. This shared key is supposed to be confirmed in sifting and correcting error phases, where both phases should be applied during the classical communication channel. Each QKD protocol has a certain design that makes the generation of a secret key either secure or weak. These designs will be explained later based on the original protocols.

Section 2.1 presents the history of classical cryptography, and Section 2.2 explains quantum cryptography as well as the known QKD protocols. Finally, the paper presents outcomes of the QKD protocol comparisons and experiments that mainly focus on runtime execution during secret key exchange.

2.1. Classical Cryptography

Classical (conventional) cryptography relies on the complexity and difficulty of computing mathematical equations. This complexity will help Alice and Bob hamper Eve by exposing submitted messages or taping some of the contents. However, the reality of classical cryptography depends on the ability to stop threats caused by two types of cyber-attacks. One attack is called an active attack, and the other is called a passive attack. Active attacks can involve changes in the submitted data, unlike passive attacks that tap data without any changes. Historically, classical cryptography was explored in 1900 B.C., after the discovery of some messages that had been written in an ancient Egyptian tomb [11]. Subsequently, several cryptographic algorithms [1] were introduced, and all of these algorithms have the same goal, which is inferred by creating a secret shared key as follows:

C = E {K, X}, and then X = D {K, C}.

In addition, many encryption/decryption algorithms have been developed in classical cryptography, such as the RSA algorithm. The RSA algorithm [2] uses a cryptography method that is based on the complexity of computing prime factors of large integers. Moreover, there are many cryptographic algorithms [12,13] that possess stability and applicability in today’s classical system. However, these algorithms will most likely fail once a quantum computer exists. The main reason behind the failure of the classical system is due to the power of the quantum system, especially the processing speed of the quantum machine. Because of the high degree of parallelism in quantum machines introduced by superposition states, the time required for factoring a large prime number is small compared to a classical machine.

Generally, classical cryptography is considered secure, as long as the quantum computer is not publicly available. The weakness of classical cryptography is related to the time needed to encrypt/decrypt algorithms, which can be a cryptanalysis solution for any cryptographic algorithm. However, the mechanism of encrypting/decrypting any kind of plaintexts in the classical system is applicable and simple operations, but it contains difficult mathematical equations that are impenetrable for any attack as shown in Figure 1. The main purpose of a cryptographic system is to send a message from Alice, who converts the plaintext X to ciphertext C using one of the available algorithms (e.g., DES, 3DES, AES, Diffie-Hellman, RSA, etc.), and then the ciphertext is sent through one of the classical communication channels (e.g., the Internet) to Bob. Hence, Bob converts the ciphertext C to plaintext X by decrypting the ciphertext using only a shared key (secret key) in symmetric cryptography methods. In asymmetric cryptography methods, Alice and Bob use the same previous scenario except that two shared keys (public and private keys) are required between the communicating parties [14].

2.2. Quantum Cryptography

Presently, quantum cryptography is a sparkling topic in the field of communications and information technology. There is no doubt that the main focus of the cryptosystem is to prevent any entity from accessing the shared data, except for legal correspondents. Confidential communications between the sender and the receiver message must be ensured, and the principles of quantum communication ensure that data are transmitted over a secure channel with notification in the event of a data interruption.

Quantum cryptography uses symmetric key encryption, which is very common in classical cryptography methods. Moreover, symmetric key encryption provides straightforwardness between communicating parties in a quantum system, such as the One-Time Pad (OTP) encryption technique [15]. Furthermore, the Shared Secret Key (SSK) is used in the OTP mechanism by converting the entire plaintext X into a long string of n-bits. On the other hand, the SSK should be created to match the same length (number of bits) of the original plaintext X, where the plaintext X and secret key SSK will be XORed $(\otimes )$ to produce a ciphertext C. This process can be used in quantum cryptography when both legitimate parties obtain an SSK with the known plaintext X. An interesting point in quantum cryptography is the inability to make a copy of the original plaintext X or even listen to the message content by an eavesdropper, due to the rules of quantum mechanics (non-cloning theory) [16]. For instance, if two connected terminals are interrupted during a quantum communication, then the quantum system will be altered. This alteration is recognized by destroying the content of the message. Therefore, communicating parties can detect the information attacks, while the eavesdropper cannot take advantage of a system interruption.

Furthermore, several requirements are available to achieve secure communication using quantum systems. The first condition is a quantum channel, where the submitted data (set of quantum bits) is transmitted. The quantum channel should be either free space or fiber optics [17]. The data submitted in the quantum channel includes information about the shared secret key (SSK), which is carried by elementary particles. The second condition consists of a classical channel that should be established to recognize whether the shared key was detected by an eavesdropper or altered by the environment [18]. The classical channel uses a sifting process to correct errors that occur during the transmission of quantum channel. In addition, it is used to terminate the communication initiated between the parties if the detected error rate is high.

Public key cryptography provides only a certain amount of protection. Therefore, quantum mechanics will provide a complete solution for the next generation of secure communication networks. Quantum cryptography is based on quantum mechanics, in which some of theories of physics are applied. Moreover, there are many physical quantities or observables, such as photon polarization, momentum, and mass that can be used in the field of cryptography [19]. Based on the law of physics, the process of exchanging information within a quantum system is naturally protected from passive attacks, but it is still a challenge for active attacks. Here, the information used is initiated as a string of bits that are converted by quantum devices into quantum bits (qubits). The qubits are directed by light filters to different polarized states $|{\mathsf{\phi }}_{\mathrm{i}}⟩$. Therefore, a single photon can be initiated and measured based on multiple states. The explanations for used symbols are shown in

Table 1. Units for quantum cryptography.

Symbol	Description
Φ	Quantum superposition of n states.
Ψ	Quantum superposition of n states.
$\otimes$	Exclusive OR (digital logical gate).
A	Alice, and usually is the sender.
B	Bob, and usually is the receiver.
↑	A state with a definite value of spin operator.
X	The original message that should be shared between Alice and Bob.
$|v⟩$	Ket-notation, where it is a vector v.
$⟨v|$	Bra-notation, where it is a linear form.
+	Non-orthogonal States.
×	Orthogonal States.
OTP	One-Time Pad.
Qubit	Quantum Bit.
QBER	Quantum Bit Error Rate.

.

Then, this paper introduces some well-known QKD protocols and explains each QKD protocol based on the mechanism of the adopted algorithm. In addition, the QKD protocols were tested and analyzed to demonstrate the differences between all selected QKD protocols.

2.2.1. The BBB84 Protocol

In 1984, the BB84 protocol was introduced by Bennett and Brassard [20]. The concept of the BB84 protocol depends on the exchange of a secret key between Alice and Bob through a secure quantum channel. The process is described as a tossing-coin, whereby two communication channels (quantum and classical channels) are initiated between Alice and Bob. The quantum channel is technically the emission of a photon in either a free space or fiber-optic cable. The classical channel is an ordinary, traditional bit-shift channel, in which communications during the classical channel do not need to be secure. Both the sender and receiver should have a random number generator and four polarizing filters to generate qubits. These requirements should be available to fulfill the quality of photon submissions [21,22].

Moreover, generating a secret key using the BB84 protocol requires each of the communicating parties (the sender and receiver) to have a random number generator that should be placed in an appropriate position. The generator can be set in the middle between the legitimate parties. Primarily, the sender (Alice) starts preparing plaintext X, which is converted to a string of bits. Simultaneously, Alice initiates a random set of bases (recliner or diagonal) that matches the length of plaintext X. These bases include four states ($|+⟩, |-⟩, |0⟩, \mathrm{and} |1⟩$). Each state on a different basis reflects the probability of (0 or 1). Furthermore, the entire prepared states $|{\mathsf{\phi }}_{\mathrm{i}}⟩$ will be submitted to a quantum channel with the same polarization of the prepared state as long as there is no interruption [23].

The probability of X encoded during Alice’s setup represents the randomness of an encryption algorithm, where encoding the same information of X many times produces various ciphertexts [24]. Although many schemes have been published illustrating the inefficiency of the BB84 protocol as well as the weaknesses in the encryption mechanism, the BB84 protocol remains a solid background for many modern QKD protocols. The BB84 protocol is also considered to demonstrate the relationship between simplicity and durability, as shown in Figure 2.

In addition, the BB84 protocol relies on the non-cloning theorem and the Heisenberg uncertainty principle to secure the submitted qubits. The non-cloning theorem is derived from the superposition principles of quantum mechanics [25]. Moreover, the non-cloning feature makes the BB84 protocol more stable by detecting any attack, although attackers never stop attempting to crack any cryptographic protocol. The Heisenberg uncertainty principle is described as the impossibility to prepare or measure states simultaneously in a specific environment based on position and momentum with quantum conditions.

In general, quantum key distribution protocols can be categorized by two disciplines of the photon behavior: the first one is based on superposition states (orthogonal/non-orthogonal) and the second one is based on the entangled states, where the BB84 protocol uses polarized orthogonal states [26]. In superposition states, Alice sends a state that should be generated on bases of $(\times )$ or $(+)$ as above, where in this case, Bob should work on one of these bases randomly. Furthermore, if Alice uses the $(\times )$ basis to submit a $|1⟩$ state, she will send a $|\nwarrow ⟩$ state. Following the same, if she wants to send a $|\uparrow ⟩$ state, and Bob already measured the $|\uparrow ⟩$ state in the $(+)$ basis, he will record a $|1⟩$ state. Additionally, if Alice sends a photon as $|\nearrow ⟩$ or $|\nwarrow ⟩$ state and Bob just measures the photon in the basis $(+)$, the measurement will be in the polarized states in Equation (1) as follows:

$$\begin{gathered} |\nearrow ⟩=\frac{1}{\sqrt{2}}\left(|\uparrow ⟩+|\to ⟩\right), \\ |\nwarrow ⟩=\frac{1}{\sqrt{2}}\left(|\uparrow ⟩+|\to ⟩\right). \end{gathered}$$

(1)

Therefore, there is a 50% chance of recording $|0⟩$ or $|1⟩$ state by Bob as well as four possibilities [9] in Equation (2) as follows:

$$\begin{gathered} |\nwarrow ⟩ with (+)=\frac{1}{\sqrt{2}}\left(|\uparrow ⟩-|\to ⟩\right), \\ |\nearrow ⟩ with (+)=\frac{1}{\sqrt{2}}\left(|\uparrow ⟩+|\to ⟩\right), \\ |\uparrow ⟩ with (\times )=\frac{1}{\sqrt{2}}\left(|\nearrow ⟩+|\nwarrow ⟩\right), \\ |\to ⟩ with (\times )=\frac{1}{\sqrt{2}}\left(|\nearrow ⟩-|\nwarrow ⟩\right). \end{gathered}$$

(2)

These possibilities are shown on the Bloch sphere to display the measure of each polarization state that can be displayed in a three-dimensional space (x, y, and z) as shown in Figure 3.

In fact, there are many sequential steps for both parties to create a successful Shared Secret Key (SSK) using the BB84 protocol, as shown in Figure 2. These steps are described as follows:

Step 1: The length of the plaintext X should be set up by Alice to become a string of n-bits, and then the n-bits are applied to a randomly prepared basis ($\times \mathrm{or}+$).

Step 2: Each random basis will produce a random state either $|0⟩ \mathrm{or} |1⟩$ if the basis is $|\times ⟩$, or $|0⟩ \mathrm{or} |1⟩$ if the basis is $|+⟩$ as shown in

Table 2. The Alice sends n random bits in random bases.

Bit Number	0	1	2	3	4	5
Alice’s random bits	0	1	1	0	1	1
Alice’s random bases	+	+	×	+	+	+
Alice sends	→	↑	↖	→	↑	↑

.

Step 3: When the string of n-qubits is submitted by Alice, Bob measures the upcoming n-qubits based on random bases, as shown in

Table 3. Bob receives n random bits in random measurements.

Bit Number	0	1	2	3	4	5
Bob’s random bases	×	+	×	×	+	×
Bob observes	↗	↑	↖	↖	↑	↗
Bob’s bits	0	1	1	1	1	0

. Next, Bob obtains a string of states that reflect n-bits. If Bob cannot measure all the submitted qubits, both parties will release additional qubits by sharing the used bases through a public channel.

Step 4: Both Alice and Bob start estimating the errors that could be caused by Eve, where many error-correction methods [27] are used in the BB84 protocol. The raw secret key is processed, when Alice and Bob compare the matching bits, where the uncorrelated bits are discarded, as shown in

Table 4. Alice and bob publicly compare used bases.

Bit Number	0	1	2	3	4	5
Alice’s random bases	+	+	×	+	+	+
Bob’s random bases	×	+	×	×	+	×
Agreement		✓	✓		✓
Shared secret key		1	1		1

. This is called a sifting procedure, which enhances any attempt by Eve to obtain information and detect any error [28].

Step 5: After matching the sent and received qubits, the communication moves to the reconciliation phase only if the error rate is low. On the other hand, Alice and Bob end up the current communication if the error rate is too high.

Step 6: If the error rate is low, Alice and Bob share the raw key. Moreover, the raw key contains the matched qubits of both parties. Unmatched qubits are supposed to be removed from the shared key SSK.

Step 7: Next, Alice and Bob start correcting the erroneous qubits again in a separate phase, as shown in

Table 5. Alice and Bob publicly compare half of the remaining bits.

Bit Number	0	1	2	3	4	5
Shared secret keys		1	1		1
Randomly chosen			✓		✓
Shared secret key		1	1		1
Agreements			✓		✓
Unrevealed secret keys		1

, as they endeavor to reduce the number of exposed qubits.

Step 8: After checking for errors, Alice and Bob share an SSK that has the same length of plaintext X [29,30]. In other words, Alice could cheat in this position by sending a different basis (rectilinear and diagonal basis or neither rectilinear nor diagonal photon), so that she is not in a position to agree with any of Bob’s table records in step (3). In contrast, Bob’s table records the result of probabilistic behavior that is not under the control of the matching raw key [31].

Hence, it is very important to realize that if Alice tries to cheat in step (1), for instance, by sending a mixture of rectilinear and diagonal states, Alice will lose the ability to agree with Bob’s records table after step (1).

Finally, the BB84 protocol is assigned a secure protocol as mentioned in [32], and it is a simple protocol compared with current QKD protocols. This simplicity is based on the law of physics that occur during key generation.

2.2.2. The SARG04 Protocol

In 2004, SARG04 was introduced by Scarain, Acin, Ribordy, and Gisin [33]. This protocol was then extracted using the previous protocol BB84. The SARG04 protocol uses the same bases and states as the BB84 protocol, where two bases $\left(\times \mathrm{or} +\right)$ and four states ($|+⟩, |-⟩, |0⟩, |1⟩$) are used to initiate quantum submissions between the communicating parties. The SARG04 protocol is designed to be a robust protocol against Photon-Number-Splitting (PNS) attacks, especially when weakened laser pulses are emitted instead of a single photon source. Furthermore, SARG04 and BB84 are essentially equivalent to each other in the quantum communication phase, but the variation occurs by encoding and decoding the exchanged information into the classical channel [34].

The SARG04 protocol has a certain number of instructive differences, of which Bob must always choose the bases with a probability of $\raisebox{1ex}{$1$}\!\left/ \!\raisebox{-1ex}{$2$}\right.$, even when Alice uses the same bases [35,36], [37] (p. 4). Although the SARG04 protocol is considered a new quantum mechanism for creating a secure shared key, the BB84 protocol is still seen in the instructions of the SARG04 protocol. In other words, when Alice matches the initiated qubits with the equivalent qubits from Bob, the Quantum Bit Error Rate (QBER) increases based on the presence of the error (unlike BB84, which is satisfied by the sifting phase).

To abstract the sequential steps of the SARG04 protocol between the two legitimate parties Alice and Bob, one-way communication was applied as follows:

Step 1: Alice creates n photons that start randomly with each of the four states (${|\mathsf{\phi }}_{\mathrm{i}}⟩, \mathrm{i}=0, 1, 2, 3. )$; Bob should receive one of the four states.

Step 2: When the photon is sent to Bob, it is measured randomly into quantum detectors using two bases $\left(\times \mathrm{or} +\right)$. If this measurement does not match or cannot be measured, Bob informs Alice to ignore this photon.

Step 3: Alice informs Bob about the states of photons $|{\mathsf{\phi }}_{\mathrm{i}}⟩$ that were chosen during the initiation period. Bob then matches outcomes using only two states. If the result was proven to be an orthogonal state to one of the set of states, the other states will already be proven. However, if the measured photons are not orthogonal, Bob should know that the measurements are not incisive. He then asks Alice to provide more specific details in the reconciliation phase.

Step 4: In the reconciliation phase, some qubits are chosen randomly to be tested and corrected by Alice, where Bob calculates the QBER. If the measurement of QBER was very high, Alice and Bob would agree to cancel the protocol and start another communication.

Step 5: In accordance with the previous step, both Alice and Bob retain only the conclusively matched qubits, which are used in a raw key. Unmatched qubits are treated during the qubit error-correction and privacy amplification phases [38,39,40].

SARG04 protocol can withstand PNS attacks. Although SARG04 appears as the BB84 protocol for all manipulations at the quantum level, it differs in the error-correction phase (sifting phase), where both parties communicate using a classical channel by encoding and decoding the shared information.

2.2.3. The B92 Protocol

B92 was proposed by Bennett in 1992 [41]. The protocol contains only two particle states, rather than four states in the BB84 protocol. The two states should be nonorthogonal, as illustrated in Figure 4. The process of the B92 protocol is involved in the quantum phase as follows:

Step 1: Alice sends a random string of qubits (A) to Bob; where $\mathrm{A}\in {\left\{0,1\right\}}^{\mathrm{n}}$, n > N (which N is the length of final key), so if Alice sent the $|0⟩$ state that means ${\mathrm{A}}_{\mathrm{i}}=0$, and ${\mathrm{A}}_{\mathrm{i}}=1$ if she sent $|+⟩$ state, for all $\mathrm{i}\in \left\{0, 1, \dots \mathrm{n}\right\}$.

Step 2: On the other hand, Bob creates a vector of bits (B) where $\mathrm{B}\in {\left\{0,1\right\}}^{\mathrm{n}}$, n > N, which if $\left({\mathrm{B}}_{\mathrm{i}}=0\right)$; then Bob will choose the basis $(+)$, and if $\left({\mathrm{B}}_{\mathrm{i}}=1\right)$ he will choose the basis $(\times )$ for all $\mathrm{i}\in \left\{0,1\dots \mathrm{n}\right\}$.

Step 3: When Bob starts measuring the upcoming qubits, each qubit is measured on a selected $(+)$ or $(\times )$ basis.

Step 4: After measuring the vector of states, Bob starts completing the following rules: if the measurement of the qubit produces $|0⟩$ or $|+⟩$ then ${\mathrm{T}}_{\mathrm{i}}=0$, and if it produces $|1⟩$ or $|-⟩$, ${\mathrm{T}}_{\mathrm{i}}=1$ for all $\mathrm{i}\in \left\{0,1\dots \mathrm{n}\right\}$ [42].

In general, the B92 protocol uses a non-orthogonal state to transmit information to a quantum channel. The protocol has a robust scheme with optical imperfection and detector noise, unlike the BB84 protocol. Naturally, the noise at the end of the communication can be as high as 1.6% [43]. Moreover, the B92 protocol technically has less usage of quantum memory (if any) and quantum channel capacity.

2.2.4. The Coherent One-Way Protocol

The Coherent One-Way (COW) is a simple protocol [44,45], which depends on decoding the information into time slots. Alice sends coherent pulses in logic states as [35] or decoy states. Each logical bit is encoded to either $\left(\mathsf{\mu } -0\right)$ for logical $\left(0\right)$ or $\left(0- \mathsf{\mu }\right)$ for logical $\left(1\right)$ by a sequence of two pulses. Furthermore, to improve the security of this protocol, Alice adds decoy sequences of $\left(\mathsf{\mu } - \mathsf{\mu }\right)$ while submitting the other logical states. If the pulses submitted to the interferometer are well aligned on Bob’s side, then the received pulses will be perfectly detected on DM1 (interferometer) and there will be no detection on DM2 (detector). Therefore, the loss of coherence will be displayed on the detector when the eavesdropper tries to listen [46].

$$\begin{gathered} \mathrm{logic} 1: |0⟩+|\mathsf{\mu }⟩ \\ \mathrm{logic} 0:|\mathsf{\mu }⟩+|0⟩ \\ \mathrm{Decoy}:|\mathsf{\mu }⟩+|\mathsf{\mu }⟩, \end{gathered}$$

(3)

where $\mathsf{\mu }$ is the mean photon number per pulse.

In this protocol, the transmission and reception of data depends on the time of arrival of the signal and does not depend on the polarization of the optical signals. The COW protocol works briefly as follows:

Step 1: Alice transmits a sequence of binary bits using time slots to Bob and generates both logical states of $|1⟩$ or $|0⟩$ (which has the same probability unless decoy states are added). Obtaining a probability of ½ for each of $|1⟩$ or $|0⟩$ states and adding the decoy states are calculated by $\left(1-\mathrm{f}\right)/2$ (where f is the probability of decoy state generation).

Step 2: Bob exploits the time detection to generate a raw key, where all previous processes are performed by different detectors to improve the security rate in Equation (4).

$$\mathrm{V}=\frac{\mathrm{p}\left({\mathrm{D}}_{\mathrm{M}1}\right)-\mathrm{p}\left({\mathrm{D}}_{\mathrm{M}2}\right)}{\mathrm{p}\left({\mathrm{D}}_{\mathrm{M}1}\right)+\mathrm{p}\left({\mathrm{D}}_{\mathrm{M}2}\right)}$$

(4)

where $\mathrm{p}\left({\mathrm{D}}_{\mathrm{Mj}}\right)$ is the probability of the $\left({\mathrm{D}}_{\mathrm{Mj}}\right)$ clicks at the time when $\left({\mathrm{D}}_{\mathrm{M}1}\right)$ should click, as shown in Figure 5.

Step 3: Bob declares the number of bits by simultaneous procedures between the data detector and time detection on the side.

Step 4: On monitoring the detectors, Alice ensures that the sequence of decoy states and bit sequences still exists. If not, Eve has tapped the communication. In this case, Alice breaks the coherence into two pulses to detect an interrupted state.

Step 5: Alice informs Bob about the bits that have been removed from the raw key because those bits belong to the decoy state sequence.

Step 6: The secret key is extracted after dropping the decoy sequences from the raw key using a classical process, and the shared key is obtained by error-correction and privacy amplification [47].

This protocol, as reported in [48], is designed to be a robust quantum protocol against reduced interference visibility and PNS attacks. The COW protocol also has simple transmissions into data lines, low losses at the measurement side, and a small QBER detection.

2.2.5. The KMB09 Protocol

This protocol was presented in 2009 [49] by Khan, Murphy, and Beige, and is designed to be robust against PNS attacks. Khan et al. describe the protocol as being between two parties (Alice and Bob) and an eavesdropper (Eve). Both parties must use two bases $\mathrm{e}$ and $\mathrm{f}$, where both parties should use different indices $\mathrm{i}$ whenever they use the same basis [50]. Moreover, the $\mathrm{i}$ index is publicly declared between two legitimate parties, which can be pointed to Alice’s prepared indices as $\mathrm{i}$. and Bob’s measured indices as $\mathrm{j}$.

In KMB09, the authors attempted to create a protocol that could withstand PNS attacks. In addition, KMB09 was created when other protocols were used for a few kilometers, where the system error rate could exceed the eavesdropper’s presence. The protocol was optimized by using an Index Transmission Error Rate (ITER) instead of QBER during the reconciliation phase. The next steps briefly explain the KMB09 protocol as follows:

Step 1: Alice randomly generates a sequence of classical bits, and then randomly specifies an index $\mathrm{i} =1, 2\dots \mathrm{N}$.

Step 2: Alice sends the prepared bits in a single photon into either $|{\mathrm{e}}_{\mathrm{i}}⟩$ or $|{\mathrm{f}}_{\mathrm{i}}⟩$ basis to Bob.

Step 3: Each incoming state is measured by Bob to be randomly switched between bases $\mathrm{e}$ and $\mathrm{f}$.

Step 4: Alice announces in public communication to Bob about the random sequential indices $\mathrm{i}$ to obtain the secret key.

Step 5: Bob translates the measurement outcomes.

Step 6: Bob communicates with Alice publicly to share that the photon measurements were successfully received and obtained the secret key.

Step 7: Alice and Bob can determine whether Eve is eavesdropping on the communication as Equation (5) [51].

$${\mathrm{P}}_{\mathrm{ITER}}=1-\frac{1}{2\mathrm{N}}{\displaystyle \sum }_{\mathrm{i}=1}^{\mathrm{N}}{\displaystyle \sum }_{\mathrm{k}=1}^{\mathrm{N}}\left[|⟨{\mathrm{g}}_{\mathrm{k}}{|\mathrm{e}}_{\mathrm{i}}⟩{}^4+{\mathrm{g}}_{\mathrm{k}}{|\mathrm{f}}_{\mathrm{i}}⟩{}^4|\right]$$

(5)

where $\mathrm{e}, \mathrm{f} \mathrm{and} \mathrm{g}$ are bases, and the state of $|{\mathrm{g}}_{\mathrm{k}}⟩$ is Eve’s possible measurement outcomes, and it is forwarded to Bob without alteration.

The polarization of a single photon is initiated in multi-dimensional states, as shown in Figure 6, which is based on orthogonal or non-orthogonal bases [52].

The KMB09 protocol is designed to be used under ideal conditions, where it is impossible for Alice and Bob to have different indices while using the same basis. This protocol is more robust against any eavesdropper who tries to hide his/her presence. In addition, the strong correlation between QBER and ITER makes the eavesdropper produce a distinct signature that is easy to detect.

2.2.6. The EPR Protocol

EPR Pair Paradox was inspired by Einstein, Podolsky, and Rosen, who presented a dialectical paper in 1935 [53]. The presented theory has led to an argument about quantum mechanics, which is not a completely physical theory. The main concept uses three states of polarization considering $|\mathsf{\theta }⟩$, where the polarization state of the photon is linearly polarized at angle $\mathsf{\theta }$. More precisely, the EPR is a pair of particles that can be separated even over a great distance, so that both photons show in a paradox “action at a distance” [54].

To explain the nature of the EPR pair paradox clearly, when one photon is measured on the right side, the outcome may be a vertical linear polarization $|0⟩$ state. On the other hand, the measurement will be a $|1⟩$ state on the left side, where the measured photons will be horizontally in a linear polarization state $|\mathsf{\pi }/2⟩$ (and vice versa). Therefore, the EPR is one of the four Bell states as Equation (6).

The EPR protocol was presented by Artur K. Ekert in 1991 [55], which is completely based on the use of an entanglement state between two remote parties. Moreover, few modifications have been made since the first EPR protocol has become popular. Hwang et al. [56] explained some of these modifications to the EPR protocol. The EPR process is shown in steps that demonstrate the original protocol [9]:

Step 1: Alice creates a sequence of EPR photons (entangled qubits) $\mathrm{n}$, where one photon is stored in a quantum memory and sends the other to Bob.

$$\begin{gathered} |{\psi }_1⟩=\frac{1}{\sqrt{2}}\left(|00⟩+|11⟩\right) \\ |{\psi }_2⟩=\frac{1}{\sqrt{2}}\left(|00⟩-|11⟩\right) \\ |{\psi }_3⟩=\frac{1}{\sqrt{2}}\left(|10⟩+|01⟩\right) \\ |{\psi }_4⟩=\frac{1}{\sqrt{2}}\left(|10⟩-|01⟩\right) \end{gathered}$$

(6)

Step 2: Both communicators randomly choose a sequence of bases ($\times \mathrm{or} +$); these bases are used to measure the particles at each side of the communication, as shown in

Table 6. The measurements in the EPR protocol Alice and bob measure in each of their random bases.

Bit Number	1	2	3	4	5	6
Alice’s random bases	×	×	+	+	×	+
Alice’s observations	↗	↖	→	↑	↗	→
Bob’s random bases	×	+	+	×	×	+
Bob’s observations	↗	→	→	↗	↗	→

.

Step 3: In public, Alice and Bob match the outcomes of their measurements and keep only the qubits that were measured on the same basis, as in

Table 7. The measurements in the EPR protocol Alice and bob publicly compare their bases.

Bit Number	1	2	3	4	5	6
Alice’s random bases	×	×	+	+	×	+
Public channel	⇕	⇕	⇕	⇕	⇕	⇕
Bob’s random bases	×	+	+	×	×	+
Agree	✓		✓		✓	✓

.

The remaining of EPR protocol includes decisions made by communicating parties. The public channel will be the next choice to ignore any errors while exchanging qubits through the quantum channel. Therefore, classical communication is analogous to the reconciliation phase of the BB84 protocol.

2.2.7. The S09 Protocol

S09 protocol was presented by Esteban and Serna in 2012; this protocol has a different technique compared to the previous protocols. S09 relies on public-private key cryptography, and the main process of the S09 is based on exchanging a qubit multiple times to build a secret key between Alice and Bob. However, the S09 protocol transfers the qubit into any arbitrary state that is agreed on between Alice and Bob only through the quantum channel. The sequences of the S09 protocol are briefly explained as follows.

Step 1: Generate a bit $\mathrm{i}$ by Alice that would be in element of a secret base $\left({\mathrm{B}}_{\mathrm{k}}\right)$ to create a qubit $|\mathsf{\Psi },\mathrm{k}⟩$, which in turn is sent to Bob with a quantum channel.

Step 2: Bob applies $\left({\mathrm{U}}_{\mathrm{j}}\right)$ to qubit $|\mathsf{\Psi },\mathrm{k}⟩$ on the other side, which is only recognized by Bob. Thus, he can send the outcome of the qubit to Alice.

Step 3: When Alice receives the qubit, it is measured in the base $\left({\mathrm{B}}_{\mathrm{k}}\right)$ and includes bit j, where the qubit must be in a pure state $\left(\mathsf{\rho }\right)$ by the operator density [50]:

$$\mathsf{\rho }=|\mathsf{\Psi }, \mathrm{k}⟩⟨\mathsf{\Psi }, \mathrm{k}|,$$

(7)

where the interaction of the qubits $\left(\mathsf{\rho }\right)$ with the environment produces:

$${\mathsf{\rho }}^{\prime }={\displaystyle \sum }_{\mathrm{j}}{\mathrm{E}}_{\mathrm{j}}{\mathsf{\rho }\mathrm{E}}_{\mathrm{j}}^{†},$$

(8)

where ${\mathrm{E}}_{\mathrm{j}}$ is an operator that acts in the space of a qubit. Subsequently, these operators convey the state of qubit $|\mathsf{\Psi },\mathrm{k}⟩$ in the overlap.

$$|\mathsf{\Psi }, \mathrm{k}\rangle \to { \mathrm{E}}_{\mathrm{i}}|\mathsf{\Psi }, \mathrm{k}⟩$$

(9)

Step 4: After a complex operation, parity bits are appended by the operators ($\parallel \mathrm{or} \&\&$).

Step 5: The previous step is attached to the distribution of the sent addresses or hashed values.

In addition, with the approach of this protocol, Eve can obtain nothing from her eavesdropping, since ${\mathrm{B}}_{\mathrm{k}}$ and ${\mathrm{U}}_{\mathrm{j}}$ transformations can be changed as frequently as needed. On the other hand, the S09 protocol has a complex exchange process that makes operating the protocol inefficient.

2.2.8. The S13 Protocol

S13 is a quantum key distribution protocol developed by Serna in 2013 [57]. This protocol corresponds to the BB84 protocol in quantum procedures but differs in the classical channel. S13 was designed for implementation in current system devices, without the need for modifications.

Furthermore, S13 has the same quantum communication phase as BB84; however, this will be overlooked in this section because it is already explained in Section 2.2.1. The second phase of the S13 protocol is explained as follows:

• Quantum part

  -

  Raw key exchange: (as shown in the BB84 protocol).

  -

  Random seed: one of the communicating parties creates a random binary string $\left({\mathrm{x}}_1{ \mathrm{x}}_2 \dots { \mathrm{x}}_{\mathrm{N}}\right).$

  -

  Missing key exchange:

  • Alice makes a summation of the random binary string with the binary basis from the first part and obtains a binary basis $\left({\mathrm{t}}_1{ \mathrm{t}}_2 \dots { \mathrm{t}}_{\mathrm{N}}\right)$. Alice then randomly generates another string of binary $\left({\mathrm{j}}_1{ \mathrm{j}}_2 \dots { \mathrm{j}}_{\mathrm{N}}\right)$, where this is an exchanged key with Bob.
  • Bob sums each of the sequences sent to him by Alice with the created binary string $\left(1\oplus {\mathrm{m}}_{\mathrm{k}}\right)\oplus {\mathrm{x}}_{\mathrm{k}}$, where $\left(\mathrm{k} =1, 2\dots \mathrm{N}\right)$. Thus, the sum becomes a binary string basis $\left({\mathrm{n}}_1{ \mathrm{n}}_2 \dots { \mathrm{n}}_{\mathrm{N}}\right)$. Next, Bob measures the received state $|{\mathsf{\Psi }}_{{\mathrm{t}}_{\mathrm{k}} }{\mathrm{j}}_{\mathrm{k}}⟩$, with the correspondence of the basis $\left({\mathrm{B}}_{\mathrm{nk}}\right)$ to generate $\left({\mathrm{b}}_1{ \mathrm{b}}_2 \dots { \mathrm{b}}_{\mathrm{N}}\right)$.

• Classical part
  Alice and Bob apply function $\left(f\right)$ to different binary exchanges in a set of binary strings:

  $$f\left(z,x,y\right)≔\{\begin{array}{c}x, z=0\\ y, z=1\end{array}$$

  (10)
  • Asymmetric cryptography:
    Step 1: Alice sums the binary string created by her in quantum part $i$ with a random string of binary values that were created by missing the key exchange $j$.

    $$i_k\oplus j_k,\left( k=1,2\dots N\right),$$

    (11)

    where $\left(y_1 y_2 \dots y_N\right)$ will be sent to Bob.
    Step 2: To obtain the public key, Bob encrypts:

    $$\begin{gathered} u_k=n_k \oplus f\left(m_k, a_k,b_k \oplus y_k\right), \\ {v}_k=n_k \oplus f\left(m_k,b_k, a_k \oplus y_k\right). \end{gathered}$$

    (12)
    Step 3: Alice makes a summation to obtain the private string of $m_k$, which is:

    $$t_k\oplus f\left(s_k, \left(1\oplus i_k\right)\oplus u_k, j_k\oplus v_k\right),$$

    (13)

    and then decrypts the string $\left(m_1 m_2 \dots m_N\right)$.
  • Private Reconciliation:
    Step 4: Bob receives the binary sequence $\left(l_1 l_2 \dots l_N\right)$ after completing the comparison between $\left(s_1 s_2 \dots s_N\right)$ and $\left(m_1 m_2 \dots m_N\right)$ by Alice.
    Step 5: Bob sums the sequence of bases $m_k$ with $l_k$, where $\left(m_k\oplus l_k\right), k=1, 2 \dots N$.
    This is to obtain the private string $s_k$.

    $$\begin{gathered} f\left(l_k, a_k,b_k\oplus y_k\right) \equiv i_k \\ f\left(l_k,a_k\oplus y_k,b_k\right)\equiv j_k, \\ \left(k=1, 2 \dots N\right). \end{gathered}$$

    (14)
    Bob then obtains the private string from Alice $\left(i_1 i_2 \dots i_N\right)$.

Finally, the S13 protocol is designed to be functional with existing devices, especially in the exchange phase after a qubit transmission. Several exchanges in the public channel will lead to a waste of time, as well as a chance for an eavesdropper to tap data. Furthermore, S13 is an improvement of the S09 protocol, which was ranked as a complex QKD protocol.

2.2.9. The Differential-Phase-Shift Protocol

The Differential-Phase-Shift (DPS) protocol was developed in 2002 by Inoue et al. [48]. The DPS protocol is based on four fully non-orthogonal states, in which Alice’s photon splits into three pulses and it is randomly modulated. On the other hand, Bob measures the incoming photons from Alice with a differential phase measurement. As mentioned in [58], the DPS protocol is more suitable for fiber-optic transmission and provides a higher effective shared key than the BB84 protocol. Additionally, the DPS protocol has specific advantageous features that are included in a simple configuration, accurate time usage, and robustness again PNS attacks [59].

Technically, the DPS is used to create a secret key between two parties, and it starts at Alice’s side when the single photon is divided into three paths (a, b, and c) and then recombined them using a beam splitter (BS) or optical switcher (SW), as shown in Figure 7. Moreover, the time delay (between a, b and b, c) is equal, so that the recombined photon is converted to each of $(0 || \pi )$. The incoming photons from Alice to Bob are divided into two paths and recombined using (50:50) beam splitters. The entire expected scenario of the DPS protocol is performed in the following sequential steps.

Step 1: At Alice’s side, a photon is sent from (a) to the short path on Bob’s side.

Step 2: Another photon is pushed through (a) to the long path on Bob’s side and through (b) to the short path.

Step 3: A photon is pushed through (b) to the long path on Bob’s side, and (c) to the short path.

Step 4: Another photon is pushed through (c) to the long path on Bob’s side.

In the first part of processing DPS, two probabilities overlap in steps (2) and (3), where the phase difference is $\left(0 or \pm \pi \right)$ which depends on Alice’s modulation. Moreover, each detector clicks on (0) and the other clicks on $\left(\pm \pi \right)$ phase difference. Finally, when Bob’s detectors click, Bob records the time and knows which detector clicks. During the classical two-way communication, Alice knows which one clicks at Bob’s detector [48,58].

3. The QKD Protocols Features Based on Quantum Computing

As stated in the previous schemes, each quantum key distribution protocol is addressed in two critical aspects. The first aspect is the movement of particles, which is related to quantum mechanics and theories of physics. Moreover, this aspect shows the physical motion of specific photons using the required observables (polarization, momentum, mass, etc.) at initiation and measurement conditions. The second aspect represents the comfort of using a classical system (or our current computer) with quantum bits (qubits). The ability to convert qubits to bits in existing platforms using quantum computers is still unavailable.

Furthermore, the conclusion of the previous aspects has been collected on the cryptographic point of view as shown in

Table 8. The mechanism and features of well-known GKD protocols.

Cases	Quantum Key Distribution Protocols
	BB84	B92	SARG04	COW	KMB09	EPR	S09	S13	DPS
Properties	Heisenberg	Heisenberg	Heisenberg	Arbitrary	Heisenberg	Entanglement	Kp, Ks	Heisenberg	Arbitrary
Number of States	4 states	2 States	4 States	Time slots	2 states	2 EPR	Arbitrary states	4 states	4 States
Detection of presence	QBER	QBER	QBER	Break of coherence	ITER	Bell’s inequality	appending parity bits	Random Seed	Timeslot
Polarization	Orthogonal	Non orthogonal	Orthogonal	Arbitrary	Arbitrary	Orthogonal	Bit-Flip Phase-Flip	2 orthogonal	DPS
State Probability	Various	50%	50%	Calculated	50%	Equal	Various	Various	Equal
Qubit String	Discrete	Discrete	Discrete	Discrete	Discrete	Discrete	No	Discrete	Discrete
Classical channels	Yes	Yes	Yes	Yes	Yes	Yes	No	Yes	Yes
Decoy States	No	No	No	Yes	No	No	Yes	No	No
Sifting phase	Revealing Bases	Alice = 1 − Bob	Revealing non-orth. state	Revealing times 2k + 1	Revealing Indices	Bell’s Inequality	No	Revealing Bases	Timeslot
Bell’s inequality	No	No	No	No	No	Yes	No	No	No
PNS attack	Vulnerable	Vulnerable	better than BB84	Robust	Robust	N/A	N/A	N/A	Robust
IRUD attack	Vulnerable	Vulnerable	Vulnerable	Under Test	Under Test	Vulnerable	N/A	N/A	N/A
BS attack	Vulnerable	Vulnerable	Robust	Robust	Robust	Vulnerable	N/A	N/A	Robust
DoS attack	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable	N/A	N/A	Robust
MAM attack	Vulnerable	Robust	Robust	Robust	Robust	Robust	Robust	N/A	Robust
IRA attack	Vulnerable	Vulnerable	Robust	Robust	Robust	Bell’s inequality	Robust	N/A	Robust
Authentication	No	No	No	No	No	No	No	Yes [classic]	No

[60], where the main security classifications of the quantum cryptography for some well-known QKD protocols (review of previous literature) are presented. These classifications focused on the instructions for the QKD protocols that used either the law of physics or the fundamentals of classical cryptography. However, many cryptographic features are still not available for approval today, such as professional quantum apparatus and quantum hardware. To improve the presence of these features, the entire classical system used, and the upcoming quantum system should overlap. For example, security attackers attempt to break any information system by discovering vulnerabilities and weaknesses into those platforms.

4. Runtime Analysis of QKD Protocols

Since the processing time of each QKD protocol is a critical term for secret key generation, the runtime execution has been experimented with in a specific ecological scheme. The same number of n-qubits has been implemented, and all QKD algorithms are formatted based on the original protocol, with many improvements recently updated. Moreover, the experiments present runtime simulations of all QKD protocols in a classical system by applying quantum libraries [61,62] in MATLAB. All these simulations reflected a high percentage of reality as far as they are used in a quantum system. These simulations were implemented by applying 500 qubits to create a secret key (SSK), where each protocol has an independent scheme. In terms of the number of qubits that can be sent from Alice to Bob, each QKD protocol expects an error rate (covered qubits). Based on the recorded error rate, both participants can decide to either extend the protocol’s operations or cancel the communication entirely.

Figure 8, Figure 9, Figure 10, Figure 11, Figure 12, Figure 13, Figure 14, Figure 15 and Figure 16 [60] show only one of the runtime execution measurements for each QKD protocol, although several implementations were performed to determine the behavior of each QKD protocol. The measurements show variations during the process of each QKD protocol, as well as the real-time of each protocol, especially, when the QKD protocol applies more than 500 qubits between two legitimate parties. The gaps between each runtime execution depend on the properties of the states used (arbitrary, superposition, or entangled) and the number of bases used (orthogonal or non-orthogonal) that are employed for encrypting/decrypting the plaintext X. In addition, the differences between the studied QKD are related to the type of communication channels that are initiated between two legitimate parties (e.g., quantum or public channels). Each communication channel should have a certain mechanism, either to generate a specific state of a photon or to measure the received qubits. Therefore, runtime execution measurements were applied in the absence of Eve since Eve can cause relative and unstable errors. These errors can produce large variations based on different methods [63]. However, noise was applied in these experiments, which are usually generated by the environment.

After simulating each QKD algorithm by applying the runtime execution T(n) function, the results show the relative complexity in each QKD protocol with obvious variations. The T(n) function is linear and will lead to an increase in the life of the key generation, as long as the communication is active. For instance, the SARG04 protocol is similar to the BB84 protocol, except that SARG04 has a higher complexity than the BB84 protocol. Furthermore, SARG04 takes ($\approx 0.815 \mathrm{ms}$) to generate a secret key more than BB84 ($\approx 0.364 \mathrm{ms}$). Table Ⅸ shows the runtime execution of the QKD protocol limited to 500 qubits (ms).

In addition, the runtime execution measurement for the DPS protocol shows differentiation because initiating the DPS requires applying a photon in multiple states (arbitrary states). The differentiation of running each QKD protocol at certain functions and operations is based on the nature of each operation complexity such as converting a bit to qubit. In addition, the looping of each function produces sequential procedures before creating the SSK.

For instance, matching the measured qubits with the expected raw key depends on a separate reconciliation algorithm. Hence, the operations of running each reconciliation algorithm are calculated with the entire execution process, which starts from initiating a stream of bits until the secret key SSK is created before correcting any errors. Therefore, the following formula is applied to measure the runtime execution for each QKD protocol:

$$T\left(n\right)={{\displaystyle \sum }}_{i=1}\left(p.t\right),$$

(15)

where $p$ is a single loop of each QKD protocol process, $t$ is the total time taken by each loop, and $n$ is the length of plaintext X. Furthermore, each QKD protocol should have multiple operations during the quantum communication and reconciliation (usually classical communications) phases to generate a secret key. Afterwards, the QKD protocols are similar in three sequential phases: the first phase is initiation and preparation, the second phase is a submission, and the third phase is a reconciliation phase. These phases are shown in the previous QKD protocol, Algorithm 1.

Algorithm 1: QKD Protocol
1. Initiate n Qubits	// prepare a plaintext
2. for: each n → ($+ || \times$)	// Initiation loop
3.  $\mathit{if} \left(n_i == +\right):$
4.   $\mathit{then} n_i (0 || 90)$	// Loop (1)
5.  $\mathit{else} n_i (45 || 135)$
6. $\mathit{end}; \mathit{end}$	// ending the loop
7. Reconciliation phase:
8. for: 1 → n	// reconciliation loop
9.  $\mathit{if}: \left( i\ne j\right)$	// loop (2)
10. use different mechanisms 11. to correct error,
12.  $\mathit{else}: accept$
13. $\mathit{end}; \mathit{end};$	//ending the loop

More precisely, many execution loops occurred in the S09 and S13 protocols, especially during the reconciliation phase, unlike the BB84 and B92 protocols. The KMB09 protocol uses unique reconciliation procedures by exchanging indices instead of bases, which makes the correction phase more efficient. Therefore, runtime execution reflects the simplicity of using each QKD protocol. Thus, the BB84 protocol is classified as a simple QKD protocol based on previous measurement.

5. Comparison between QKD Protocols

Subsequently, several cryptographic approaches were extracted from the well-known QKD protocol (BB84, B92, SARG04, EPR, COW, DPS, KMB09, S09, and S13), which clarified the variations between these QKD protocols. These variations assist in realizing the weaknesses and strengths of each QKD process during communication between two users. As shown in the previous sections, some technical details are presented in the definition of each protocol, especially when a certain protocol has a unique design, such as the Coherent-One-Way (COW) protocol. The COW protocol depends on the insertion of the decoy states (${\mathsf{\mu }}_{\mathrm{i}}$) in pulse transmission. Using decoy states means more protection against PNS attacks, while extra time is required during either the submission or reconciliation phases.

Moreover, the QKD protocols vary in terms of the techniques used to determine the reliability of each QKD protocol against attack challenges. Security, simplicity, and efficiency are factors that are typically applied to measure QKD protocols. The previous QKD protocols were tested using one of these factors, where the simplicity factor was applied to test the runtime execution at a limited number of qubits. On the other hand, the major issue in most QKD protocols is the verification of the identity of the communicated parties. As demonstrated in

Table 9. The Runtime Execution of QKD protocols limited up to 500 qubits (ms).

QKDP	Input (Qubit)	Output (Qubit)	Time (ms)
BB84	500	142	0.164
B92	500	119	0.177
SARG04	500	247	0.815
KMB09	16	362	0.012
EPR	500	119	0.860
DPS	500	N/A	Constant
S09	500	N/A	0.927
S13	500	N/A	0.639
COW	500	126	0.686

, the authentication is not approved in the previous QKD protocols except for the S13 protocol, which requires verification of user identity in the classical channel. Moreover, verification requires additional procedures that reduce the lifetime of the protocol. Thus, spending a long term could expose communication, especially when the public channel is used to confirm the transferred data during the quantum channel. In other words, the multiple processes that occur in the classical channel provide a high rate of information gain by eavesdroppers.

In addition, there are three categories that cryptosystem designers try to achieve. First, designing a cryptographic algorithm assists the submitted data in being heavily mixed and complex. Second, creating encryption/decryption keys locks and unlocks the submitted plaintext X. Finally, the secure keys should be distributed between trusted communicating entities. In other words, there are still several hard attempts to break the QKD protocol or at least show weak points. None of these attempts can be functionally considered, even when Eve tries to intercept and resend the submitted particles and then generate new particles. On the other hand, the eavesdropper wishes to read at least 25% of the originally submitted message, where the rest of the message remains for guessing as null.

Furthermore, Intercepted/Resend attacks (IRA) are a well-known strategy against QKD protocols. IRA is the most popular attack, which is based on replacing some of the submitted qubits by applying a random basis $\left(\times \mathrm{or} +\right)$ when Alice sends qubits to Bob. Meanwhile, Eve leaves the rest of these qubits without changes because Eve wishes that the qubits should be received by Bob without changes. Next, when Alice and Bob start to compare the matching qubits, Eve constructs other qubits to be incompatible measurements. More precisely, if Eve attempts to listen to the transmitted qubits between Alice and Bob, Eve and Bob will use identical bases sent by Alice. Bob obtains identical bases to the eavesdropper, but no one can detect Eve. In other words, if Eve used a different measurement to intercept the bases sent by Alice, Eve will would experience uncertain changes in the state’s polarization.

6. Conclusions

This paper presents a set of QKD protocols over a period of time, as QKD is a new generation of cryptography in the information theory world. Moreover, several issues in quantum cryptography are theoretically solved using the QKD protocol; in particular, QKD is powered by quantum mechanics. The reason behind the strength of quantum mechanics is the non-cloning theory, which produces an alteration of any permeation. On the other hand, the explanation of ambiguous ideas was clearly discovered in this study to show the mechanism of each QKD protocol. One of the most important insights is to implement the runtime of each QKD protocol, as the use of multi-communications in a classical channel requires extending the life of the QKD protocol process as well as increasing the rate of information attacks. The classical channel is used heavily during the implementation of each QKD protocol, where a significant amount of processing time is spent during the reconciliation phase. In contrast, a classical channel is needed, as long as there is no way to reconcile the submitted information during the quantum channel. In other words, the classical channel should not completely affect the implementation of the QKD protocol, as this will lead to an infinite experience. Finally, the QKD protocol provides a Secure Shared Key (SSK) between legitimate parties through the secure communication. The secret key should be robust against any type of information attack with a 0.0% exposure to the SSK. QKD is expected to be the next generation of secret key in various information exchange systems.