Tags: bb84 pseudorandom quantum crypto 


Flawed implementation of BB84 where information reconcilation is not done on random bits but on the first half only, so we can spoof only the second half to correlate ourselves with both Alice and Bob without them knowing. Unintentional backdoor solve possible by breaking python's MT19937. More details and solve script in the full writeup [here](https://www.overleaf.com/read/fnjzhyxzmspq).

Original writeup (https://www.overleaf.com/read/fnjzhyxzmspq).