Qsim Web Application

QKD simulator © is a web application aimed at simulating and analyzing Quantum Key Distribution protocols. The online simulator is powered by the QKD Simulation Toolkit, which is capable of customizing a wide range of parameters for individual components and sub-protocols in the system, e.g., Quantum channel, Sifting, Error estimation, Reconciliation, Privacy Amplification. Each simulation provides detailed information about the intermediate and final stages of the protocol.

Set the initial simulation settings and press the Run Simulator button.


The QKD Simulator web application is powered by a simulation engine that includes a complete Quantum Key Distribution toolkit. The web application and the QKD toolkit have been developed by Arash Atashpendar under the supervision of Professor Peter Y. A. Ryan. You can reach us here if you have any feedback or questions.
Quantum key distribution (QKD), also referred to as quantum key expansion or establishment, is arguably the most widely known and commercially available application of quantum cryptography. In short, QKD makes use of the properties of quantum mechanics to guarantee secure communication by facilitating the long-standing problem of secure secret key distribution between two parties.
The implementation of the Quantum Key Distribution (QKD) toolkit that powers this website is done entirely in Python and it makes use of various scientific libraries. Moreover, it comes with an easy-to-use API for developers, scientists or enthusiasts wanting to adjust things to their needs. The backend is built in a flexible and reusable manner by using a component-based and fully modular approach such that each sub-protocol can be manipulated in an isolated way. The current version provides a complete implementation of the entire QKD stack, i.e., Quantum Channel, Sifting, Authentication using Universal Hashing, Error Estimation, Reconciliation/Error Correction and Privacy Amplification. The quantum channel currently only supports the BB84 protocol. More protocols will be gradually added to the framework.

QKD Toolkit Details

The QKD Simulation Toolkit powering this website's simulation engine is implemented entirely in Python and makes use of standard scientific libraries such as Scipy, Numpy, Matplotlib, Quantum Information Toolkit (QIT), BitVector, PyCrypto.


Feel free to get in touch with us using [email protected] in case you have any questions or if you need a privileged account. Should you want to run more resource-intensive simulations for much larger qubit counts, feel free to let us know. We could run simulations for you locally upon request and provide you with the results.

QKD (BB84) simulation run example:

Initial Configuration

Property Qubit CountBasis choice bias deltaEve basis choice bias deltaEavesdroppingEavesdropping rateError estimation sampling rateBiased error estimationError tolerance

Detailed Run Information

Phase 1: BB84 Quantum Transmission

Alice prepares a sequence of 500 qubits and send them to Bob over the quantum channel. She randomly chooses a basis for each qubit, rectilinear polarization (horizontal/0 degrees and vertical/90 degrees) or a diagonal polarization (+45 degrees and -45 degrees shifted). She then maps horizontal and vertical with the qubit states |0> and |1>, and +45 degrees and -45 degrees shifted with the states |+> and |->, respectively. Further details:
  • Alice sent 500 qubits to Bob with a basis selection bias of 0.5.
  • Eve is eavesdropping on the quantum channel at a rate of 0.1 and with a basis selection bias of 0.5. There is an eavesdropper, Eve, listening in on the channel. She intercepts the qubits, randomly measures them in one of the two mentioned bases and thus destroys the originals, and then sends a new batch of qubits corresponding to her measurements and basis choices to Bob. Since Eve can choose the right basis only 50% of the time on averate, about 1/4 of her bits differ from those of Alice.

Phase 2.1: Sifting

Bob announces on a public classical channel the qubits that he has managed to successfully measure. Alice and Bob then reveal and exchange the bases they used. They authenticate these three message exchanges. Whenever the bases happen to match - about 50% of the time on average - they both add their corresponding bit to their personal key. In the absence of channel noise, the two keys should be identical unless there has been an eavesdropper. Further details:
  • The sifting phase started with 500 transmitted qubits and the resulting bit string was reduced to 257 bits.
  • 0.514 of Alice's and Bob's chosen measurement bases match. 0.486 of their chosen bases do not match.
  • 0.716 of the two parties measured qubits match before sifting and 0.284 of them do not.
  • 0.9144 of the two parties measured qubits match after sifting and 0.0856 of them do not.

Phase 2.2: Sifting Authentication - Linear Feedback Shift Register (LFSR) Universal Hashing

Alice and Bob authenticate their basis exchange messages using the LFSR universal hashing scheme and a mutually preshared secret key for authentication. 3 messages are authenticated in the sifting phase. Further details:
  • Bob informs Alice of the qubits he managed to successfully measure and he appends an authentication tag to his message. Authentication cost in terms of key material: 64
  • Bob informs Alice of the bases he has chosen for measuring the qubits and he appends an authentication tag to his message. Authentication cost in terms of key material: 64
  • Alice informs Bob of the bases she has chosen for preparing the qubits and she appends an authentication tag to her message. Authentication cost in terms of key material: 64

Phase 3.1: Reconciliation - Error estimation

Alice and Bob estimate the error rate in their sifted keys to determine whether they should proceed to error correction or whether they should abort the protocol based on a predefined error tolerance threshold, usually around 11%. Further details:
  • Alice and Bob permute their sifted keys in order to flatten the errors across the entire bit string. They then perform the error estimation by comparing a subset of their error-flattened sifted keys.
  • An error rate of 0.0784 was estimated using a sample size of 51 given a sampling ratio of 0.2

Phase 3.2: Reconciliation - Error Correction, Cascade

Alice and Bob perform an interactive error correction scheme called Cascade on the public channel in order to locate and correct the erroneous bits in their sifted bit strings. Further details:
  • Cascade was run 6 rounds in order to correct the errors.
  • 18 erroneous bits were detected and corrected.
  • 114 bits were leaked in order to correct the errors.
  • With an error probability of 0.0874, the Shannon bound for the number of leaked bits is: 89.0, compared to the actual number of leaked bits: 114.

Phase 4: Error Correction Confirmation and Authentication

Alice and Bob confirm and authenticate the error correction phase by computing the hash of their error corrected keys using their mutually preshared secret key and by comparing their respective digests. Further details:
  • 64 bits of key material (preshared secret key) were used to authenticate.
  • The Linear Feedback Shift Register (LFSR) universal hashing scheme was used for authentication.

Phase 5: Privacy Amplification

Alice and Bob compute the overall information leakage and run a privacy amplification protocol in order to reduce/minimize Eve's knowledge gained on the key by having eavesdropped on the channel. They do so by locally applying a universal hashing scheme based on Toeplitz matrices. The hashing function will be indexed using yet another chunk of their preshared secret keys. They can also define a security paramter to minimize Eve's knowledge to an arbitrary amount. Further details:
  • 146 bits were leaked up to this point.
  • The key length before running privacy amplification: 206 bits.
  • The final key length is: 40 bits.
  • The chosen security parameter is: 20.

Statistics and Overview

Initial number of qubits500
Final key length40
Estimated error0.0784
Eavesdropping enabled1
Eavesdropping rate0.1
Alice/Bob basis selection bias0.5
Eve basis selection bias0.5
Raw key mismatch before error correction0.0856
Raw key mismatch after error correction0
Information leakage (Total number of disclosed bits)146
Overall key cost for authentication256
Key length before error correction206
Bit error probability0.0874
Bits leaked during error correction114
Shannon bound for leakage89
Security parameter20


This page contains a set of plots generated by the QKD Simulation Toolkit © that reflect some of the asymptotical properties of QKD and certain specific studies found in the literature. More plots and more information surrounding what each plot illustrates will be added soon.

QKD Sifting Plot

Plot of QKD sifting

QKD Biased Error Estimation Plot

Plot of QKD biased error estimation

QKD Shannon Bound vs. Error Correction Plot

Plot of QKD Shannon Bound vs. Error Correction


Add comment

The author will be very pleased to hear feedback about your news.

reload, if the code cannot be seen

Comments 0