Three-State Simplified BB84 QKD

Updated 29 January 2026

The protocol reduces state preparations from four to three, simplifying hardware and maintaining security performance.
It employs two Z-basis states and one X-basis state for efficient key generation and phase error estimation using minimal detectors.
Comprehensive security proofs validate its robustness in both asymptotic and finite-key regimes against advanced quantum attacks.

A three-state simplified BB84 protocol is a quantum key distribution (@@@@2@@@@) scheme which reduces the number of prepared or measured quantum states from the canonical four of original BB84 to three, while largely preserving both security properties and operational key rates. Such protocols exploit the fact that key-generation and eavesdropper detection can be decoupled in a manner that allows state and measurement simplification without notable security degradation. The three-state approach substantially reduces experimental complexity, hardware requirements, and side-channel vulnerabilities, hence facilitating chip-scale integration and higher repetition rates, and has been validated against general/coherent attacks in both infinite and finite-key regimes (Grünenfelder et al., 2018, &&&1&&&, Krawec, 2016, Liu et al., 2018, Boyer et al., 2022).

1. Protocol Specification and State Preparation

In the most common formulation, the three-state protocol employs two $Z$ -basis eigenstates (for key generation) and a single $X$ -basis state (for phase-error estimation):

Alice prepares each signal as either $|0\rangle_Z$ or $|1\rangle_Z$ (the computational basis), and, with suitable probability, the $|+\rangle = (|0\rangle + |1\rangle)/\sqrt{2}$ state (the $X$ -basis "plus" state).
No $|-\rangle$ state is ever prepared or transmitted (Rusca et al., 2018, Grünenfelder et al., 2018, Krawec, 2016, Liu et al., 2018).

Preparation probabilities are typically chosen to maximize key generation in the $Z$ basis, e.g., $p_Z \gg p_X$ with $2p_Z + p_X = 1$ so that raw-key rounds are predominately $Z$ -basis (Liu et al., 2018). The same approach applies in polarization or time-bin encodings. In polarization implementations, Alice's laser and modulation system prepare three polarizations: $|H\rangle$ , $|V\rangle$ (rectilinear, for $Z$ ) and $|+\rangle$ (diagonal, for $X$ ) (Grünenfelder et al., 2018). In time-bin encoding, states correspond to "early" ( $|0\rangle$ ), "late" ( $|1\rangle$ ), and "superposition" ( $|+\rangle$ ) pulses (Rusca et al., 2018).

2. Measurement Design and Basis Choices

Bob randomly chooses between the $Z$ basis (direct time-tagging or polarization measurement) and the $X$ basis (interferometric detection or diagonal polarization projection):

In the $Z$ basis, Bob discerns between $|0\rangle$ and $|1\rangle$ via time-of-arrival or polarization discrimination.
In the $X$ basis, a single projection is used, often via a Mach-Zehnder or fiber interferometer, with just one output port monitored for a "minus" outcome (as only $|+\rangle$ is transmitted, no $|-\rangle$ is needed) (Rusca et al., 2018).
Only two single-photon detectors are required: one for $Z$ , one for the $X$ port; this minimal detection setup suffices due to the protocol's state-assignment and measurement reduction (Rusca et al., 2018, Grünenfelder et al., 2018).

The measurement reduction further enables passive basis choice using beam splitters and obviates the need for active switching, auxiliary detectors, or customized filtering (Grünenfelder et al., 2018, Rusca et al., 2018).

3. Parameter Estimation, Security Proofs, and Key Rate Formulas

The security of three-state simplified BB84 is based on the explicit estimation of phase error rates using only statistics from the $|+\rangle$ state (in $X$ basis) and the observed bit error rates in $Z$ , together with decoy-state analysis to treat photon-number splitting attacks:

The observed $Z$ -basis quantum bit error rate (QBER) quantifies errors in key-generation rounds.
The phase error in $Z$ -basis key rounds (which constrains Eve's possible knowledge) is estimated via statistics from monitoring $X$ -basis rounds—specifically, the rate of "minus" detector clicks when $|+\rangle$ is sent (Rusca et al., 2018, Krawec, 2016).
Secret-key rates in the asymptotic regime revert to the familiar BB84 form:

$r(Q) \approx 1 - 2 h(Q)$

where $Q$ is the QBER and $h(x)$ is the binary entropy function. This remains valid up to an error threshold of approximately $11\%$ —identical to standard four-state BB84 (Krawec, 2016, Boyer et al., 2022).

In the finite-key regime, smooth min-entropy and composable security frameworks apply:

$\ell \le D_{0,Z} + D_{1,Z} [1-h(\hat{e}_x)] - \lambda_{\mathrm{EC}} - 2\log_2 (1/\varepsilon_{\mathrm{cor}}) - 6\log_2(19/\varepsilon_{\mathrm{sec}})$

where $D_{0,Z}, D_{1,Z}$ are vacuum/single-photon detections (est. via decoy), $\hat{e}_x$ is the $X$ -basis phase error bound, and $\lambda_{\mathrm{EC}}$ accounts for error correction (Rusca et al., 2018, Liu et al., 2018, Boyer et al., 2022).

Security proofs have progressed to cover collective attacks, coherent attacks, and fully composable frameworks. These use entropic uncertainty, Azuma’s inequality, and information-disturbance tradeoffs to achieve proofs as strong as those available for full BB84 (Rusca et al., 2018, Boyer et al., 2022).

4. Experimental Implementations and System Integration

Three-state simplified BB84 enables concrete resource and performance advantages:

In polarization-based systems, a single pulsed laser, a dual-level intensity modulator, and a three-level phase modulator suffice. At 625 MHz repetition rate, secret-key rates of 23 bps over 200 km of telecom optical fiber were achieved, maintaining full finite-size security (Grünenfelder et al., 2018).
Time-bin encoding on the transmitter can be implemented with a single intensity modulator for early/late/both carving, followed by phase control for superpositions. Passive beam splitting enables basis randomization and detector assignment on the receiver (Rusca et al., 2018, Liu et al., 2018).
These implementations require fewer modulators and detectors compared to the four-state scheme, halving hardware complexity (three modulator states instead of six or more), and eliminating auxiliary devices.

The simplification also reduces random number consumption (since fewer state preparations are needed) and side-channel opportunities, particularly in polarization qubits where phase calibration and differential attacks present practical risk (Grünenfelder et al., 2018).

5. Security Thresholds, Performance, and Resource Requirements

Comprehensive security analyses have confirmed:

The maximal tolerable QBER of three-state simplified BB84 is essentially identical to that of standard BB84: $p_a \approx 11\%$ (Krawec, 2016, Boyer et al., 2022).
Asymptotic and finite-size secret-key rates are virtually indistinguishable from four-state BB84, except that, in high-loss or extremely finite settings, slightly larger sample sizes may be required for sufficiently tight phase error estimation (Krawec, 2016, Boyer et al., 2022).
For composable security with total soundness $10^{-6}$ at QBER $\sim5\%$ , only $N \sim 10^5$ – $10^6$ quantum signals are necessary (Boyer et al., 2022).

Resource minimization also increases scalability prospects—requiring only two detectors and one modulator, while lowering insertion loss and permitting higher pulse rates (Rusca et al., 2018, Liu et al., 2018).

6. Protocol Variants and Extensions

Three-state simplification admits multiple protocol variants:

Reference-Frame-Independent (RFI) BB84 protocols can also be realized with just three states (two $Z$ -basis, one $X$ -basis). Such schemes retain reference-frame independence and match the secret-key rates and distances of full RFI BB84, robust even under large misalignment (Liu et al., 2018).
Variants accommodate both polarization and time-bin qubits, and can operate with one or two decoy intensities; one decoy suffices for practical performance with minimal loss (Grünenfelder et al., 2018).
Generalizations have extended full composable security proofs to three-state BB84 and related protocols against general attacks, with operationally tight security bounds (Boyer et al., 2022).

7. Comparative Analysis and Practical Implications

Empirical and theoretical work indicates three-state simplified BB84 achieves:

Equivalent asymptotic secret-key rates to standard BB84, including matching the $11\%$ QBER noise threshold (Krawec, 2016, Rusca et al., 2018, Boyer et al., 2022).
Comparable finite-key performance, provided appropriate statistics are gathered for phase error estimation.
Markedly reduced hardware and calibration requirements, enabling greater integration potential, reduced side-channel risk, and higher clock rates (Grünenfelder et al., 2018, Rusca et al., 2018).
In RFI contexts, improved robustness to misalignment over standard BB84 (Liu et al., 2018).

A plausible implication is that three-state BB84 can replace standard four-state BB84 in most practical QKD deployments, especially where component count, simplicity, or efficiency are at a premium, while retaining rigorous unconditional security guarantees.

Key references: (Krawec, 2016, Grünenfelder et al., 2018, Rusca et al., 2018, Liu et al., 2018, Boyer et al., 2022).