BB84 (Bennett–Brassard 1984) and Non-Commuting Observables

Charles Bennett’s Quantum Key Distribution (BB84) and the Role of Non-Commuting Observables

The BB84 protocol (Bennett–Brassard, 1984) enables two parties, Alice and Bob, to establish a shared random secret key over an insecure quantum channel. Security arises from fundamental quantum principles: superposition, the no-cloning theorem, and—crucially—the incompatibility of measurements in non-commuting bases.

1) Two Non-Commuting Measurement Bases

Rectilinear (Z) basis, associated with the Pauli operator $\sigma_z$ :

$|0\rangle_z,\qquad |1\rangle_z$

Diagonal (X) basis, associated with the Pauli operator $\sigma_x$ :

$|0\rangle_x \;=\; \frac{1}{\sqrt{2}}\!\left(|0\rangle_z + |1\rangle_z\right),\qquad |1\rangle_x \;=\; \frac{1}{\sqrt{2}}\!\left(|0\rangle_z - |1\rangle_z\right).$

These bases are incompatible because their observables do not commute:

$[\sigma_x,\sigma_z] \;=\; \sigma_x\sigma_z - \sigma_z\sigma_x \;\neq\; 0.$

Operationally: measuring a qubit prepared in one basis using the other basis yields random outcomes and irreversibly disturbs the state.

2) BB84 Protocol Steps

Preparation (Alice): For each bit, Alice chooses a random basis ( $Z$ or $X$ ) and prepares one of the four states $\{|0\rangle_z, |1\rangle_z, |0\rangle_x, |1\rangle_x\}$ . She sends the photon to Bob.
Measurement (Bob): For each photon, Bob randomly chooses to measure in $Z$ or $X$ and records the result.
Basis reconciliation (public channel): Alice and Bob announce which basis they used (not the bit values). They keep only positions where their bases match—this forms the raw key.
Error estimation & post-processing: They sacrifice a random subset of raw bits to estimate the error rate. If below threshold, they run classical error correction and privacy amplification to obtain the final shared secret key.

3) How Non-Commuting Observables Enforce Security

Suppose an eavesdropper, Eve, intercepts and measures each photon:

If Eve picks the correct basis (matches Alice’s), she learns the bit without disturbance.
If Eve picks the wrong basis, non-commutativity implies her measurement outcome is random, and the post-measurement state collapses into the wrong basis. When Bob later measures (possibly in the correct basis), errors are introduced.

For example, if Alice prepares $|0\rangle_z$ but Eve measures in the $X$ basis, Eve’s outcome is uniformly random:

$P\!\left(\text{Eve gets } |0\rangle_x\right)=\tfrac{1}{2},\qquad P\!\left(\text{Eve gets } |1\rangle_x\right)=\tfrac{1}{2}.$

Eve then forwards her collapsed state to Bob. If Bob measures in the $Z$ basis, his result is also random given Eve chose the wrong basis:

$P\!\left(\text{Bob's bit matches Alice's} \mid \text{Eve used wrong basis}\right)=\tfrac{1}{2}.$

Since Eve guesses the correct basis with probability $\tfrac{1}{2}$ and flips the bit with probability $\tfrac{1}{2}$ when she is wrong, a simple intercept-resend attack produces an average quantum bit-error rate (QBER) of about $25\%$ in the sifted key—a level Alice and Bob can detect during error estimation.

The underlying reason is formal:

$\sigma_x \sigma_z \;\neq\; \sigma_z \sigma_x,$

so one cannot jointly measure $\sigma_x$ and $\sigma_z$ with arbitrary precision. This is the measurement-incompatibility (Heisenberg-type) constraint that makes undetected eavesdropping impossible in ideal conditions.

4) Key Insight & Comparison

Security in BB84 is physical, not computational. It derives from quantum mechanics—superposition, no-cloning, and especially non-commuting observables—rather than hardness assumptions (like factoring).

Component	Classical Crypto	Bennett’s QKD (BB84)
Security Basis	Computational hardness (e.g., factoring)	Quantum physics (non-commuting measurements, no-cloning)
Eavesdrop Detection	Not intrinsic	Intrinsic — measurement introduces errors
Key Distribution	Secure classical channel required	Quantum channel + authenticated classical channel

5) Minimal Math Recap

Basis change between $Z$ and $X$ (Hadamard rotation):

$|0\rangle_x \;=\; \tfrac{1}{\sqrt{2}}\!\left(|0\rangle_z + |1\rangle_z\right),\quad |1\rangle_x \;=\; \tfrac{1}{\sqrt{2}}\!\left(|0\rangle_z - |1\rangle_z\right).$

Non-commutation:

$[\sigma_x,\sigma_z]\;=\;2i\,\sigma_y \;\neq\; 0.$

Wrong-basis measurement randomness:

$P(\text{correct bit} \mid \text{wrong basis}) \;=\; \tfrac{1}{2}.$

Quantum Key Distribution Scheme