hardware cryptography

Adversarial Reinforcement Learning for Adaptive Eavesdropping in BB84 Quantum Key Distribution

Curator's Take

This article shows for the first time that a classical reinforcement‑learning agent can turn BB84’s static security analysis on its head by learning to adapt its interception strategy in real time, slashing detection rates from essentially certain to near‑zero under realistic channel noise. By framing eavesdropping as a Markov decision process and demonstrating dramatic gains across Q‑Learning, SARSA and Double Q‑Learning, the work highlights a concrete gap between theoretical security proofs and practical adversaries that can evolve during a key exchange. The findings urge protocol designers to incorporate adaptive‑adversary baselines into security models and to explore countermeasures such as randomized checkpointing before deploying BB84 in real‑world networks.

— Mark Eatherly

Summary

BB84 quantum key distribution derives its security from a physical guarantee that any eavesdropper disturbs the channel in a statistically detectable way. Prior work evaluates this by assuming Eve attacks at a fixed, analytically optimized rate. We examine what happens when Eve is modeled instead as a learning agent. Classical reinforcement learning is used, specifically tabular Q-Learning, SARSA, and Double Q-Learning, to adaptive BB84 eavesdropping. This formulates the attacker's decision as a Markov Decision Process where the agent observes Quantum Bit Error Rate (QBER) feedback and decides, qubit by qubit, whether to intercept or pass. Experiments span three channel noise levels ($μ_{ch}\in\{1\%,3\%,5\%\}$) and are validated across five independent random seeds (45 training runs per condition, 10,000 episodes each). Against the best non-adaptive analytical baseline, Q-Learning reduces detection from $99.4\%$ to $0.28\%\pm0.27\%$ at $μ_{ch}=1\%$ while extracting approximately 10.5 correct bits per episode. This is a 355-fold reduction that is statistically significant ($p=0.020$, Mann-Whitney $U$ test). We also report the spontaneous emergence of an end-game burst, where agents independently learn to surge their attack rate at the final block. This exploit vanishes under randomized checkpoint intervals while stealth performance remains statistically indistinguishable. These results motivate the inclusion of adaptive adversary baselines in quantum cryptographic security evaluations.