== REVIEWER 1== Quantum technologies are making headlines worldwide, and there will be a great demand for simple demonstrations to the large public. The current paper reports on one such demonstration, in which students are led to run a version of the BB84 protocol for quantum key distribution. A secure implementation of BB84 requires non-standard components (e.g. detectors operated in the photon-counting mode) which may not be easily available for schools and general labs. Standard components open security loopholes. Instead of hiding it, the authors make the very commendable step of making the hacking part of the learning process. It is a very remarkable effort, well documented, with online resources made available. I do recommend it for publication. GENERAL RESPONSE (ADRIAN): Thanks a lot :) I want to suggest a few clarifications: (a) The authors draw a dichotomy: single photon = secure, laser = insecure. But as I hinted before, BB84 could be made secure with laser sources, provided they are attenuated well below 1 photon/coherence time, which requires operating photodiodes in the photon counting regime. It would be good to state this very clearly, as most commercial implementations of QKD use lasers: you don't want the students to get away with the idea that all those companies are cheating. MATHIAS: We added a discussion on commercial implementations of BB84 with weak coherent pulses. We also elaborate that these type of implementations require a more complex BB84 protocol which uses decoy states to be secure from side-channel attacks. (b) The references for device-independent QKD are not well chosen: [28] describes security against a "no-signaling adversary", a more abstract situation than known physics; so it's not QUANTUM key distribution strictly speaking; [29] is a very technical development that proved security against the most general attack by a quantum adversary, but was later improved. The correct references to cite would be: -- For the idea of DI QKD, the correct reference is Acin et al. Phys. Rev. Lett. 98, 230501 (2007) -- If the authors really want to give the ultimate security proof, the best work (which proves that the Acin et al bound is actually optimal) is: Arnon-Friedman et al. SIAM Journal on Computing 48.1 (2019): 181- 225 ADRIAN: Corrected the references [28] and [29] appropriately. Thanks for the correction. We have also added the reference to the black book of quantum cryptography. (c) The authors mention that the workshop is preceded by a few introductory lectures. This may be a weak point, insofar as a teacher that is not familiar with the topic may not feel comfortable in setting up the experiment, for fear of not being able to answer specific questions. Maybe the authors could suggest existing resources for upgrading: serious YouTube videos, books aimed at the same audience... ADRIAN: Added a few sentences on book recommendation in section 4. ==REVIEWER 2== The aim of the manuscript is to describe a hands-on quantum cryptography workshop for pre-university students. The underlying experiment relies on the use of an intense laser beam to represent the quantum channel with qubits encoded in the polarization state of the light and on infrared pulses to establish the classical channel. Besides the traditional transmitters and receivers, namely, Alice and Bob, the setup includes an eavesdropper who benefits from the non-genuine quantum nature of the apparatus to clone information. As a whole, the paper is extremely unclear, the explanations are confusing and obscure and does not follow an adequate didactic sequence. It lacks definitions on non-trivial concepts (exemplified below), the figures are over-polluted and too technical, do not respect any standardisation, and explanations on both captions and on the main text are missing in many of them. Last, but even more important: the ideia is not original in its essence, since a very similar paper has already been published in Reference 15 [A. L. P. Camargo, L. O. Pereira, W. F. Balthazar, and J. A. O. Huguenin, “Simulation of the BB84 protocol of quantum cryptography by using an intense laser beam,” Revista Brasileira de Ensino de Física 39, 2305 (2017)]. Indeed, the role of the eavesdropper in the mentioned paper is closer to the one in a realistic quantum protocol, which involves intercepting the qubit sent by Alice for the key generation and resending a new one to Bob. For all these reasons, I do not recommend the paper to be published in such a high standard journal as the American Journal of Physics. GENERAL RESPONSE (ADRIAN): We find the reviewer's claims to be pretty unfair, although we agree that some of the non-trivial concepts can be explained better and the presentation of the experimental implementation might have been a bit too technical. We also agree with some of the more specific comments as listed below. At the first glance, the content of our paper might appear to be very similar to Ref 15. We only encountered this paper during the writing process. We discuss about this a lot during our writing process, and we concluded that the ideas and the approaches are actually pretty different, even though the basic idea is very similar, and we have a small comment about it on the last paragraph of section 4.A. From our understanding of the AJP editorial statement, the research ideas do not have to be completely new, and what is more important is to extend the contemporary research ideas and bring it into classrooms. However, as the language of the paper is in Portugese, we can only infer the discussions from google translate and the figures. First, Ref 15 mostly describes their setup with a small discussion on the teaching and pedagogical aspects to it, while our paper implements the setup along with the workshop full of students. Second, the experiment conducted in Ref 15 only uses 100 bits of manually simulated quantum bit, while our work also create the key using automation, and perform encryption with the "secret" message transfer. The whole idea of our paper is to perform the whole cryptography protocol, and not just a small aspect of the symmetric key distribution. Third, Ref 15 deals with one particular type of attack, the intercept and resend attack, which are not used nor talked about in our paper, although it is the most commonly discussed attempt of an attack. This brings to the point that most commonly discussed form of attack in normal pedagogical QKD lessons already assumes that the photons are already ideal single photons. Here, we want to really honk on the fact that you should really not trust the experimentalist. The students that attend the workshop are already familiar with the intercept and resend attack when then material was presented in the theoretical lectures, but they still fall in the trap in the system that they thought they could have trusted. Fourth, perhaps most importantly, the Eve of Ref 15 did not succeed to hack the system, even though they could have succeded. In our work, the students do not only hack the quantum key, but they also listen to the classical channel, and put them together to crack the message. Alas, there is even another cryptanalysis attack possible (refer to appendix A). Even though Ref 15 talks a bit about the photon number splitting attack on the later part, they did not manage to leverage on it to create a learning opportunity. We do not want our students to walk away thinking that the setup is secure. Instead, it would be pretty nice if they start with a demonstration similar to Ref. 15, rest for a night, and then have their very intuition challenged the very next day in our workshop. This we actually did -- but we did the more well-known chocolate ball experiment instead (Ref. 16). We thought about including the discussion of these differences a bit more in our paper, but we decided against it as it might detract the reader too far away from the main topic. The role of the eavesdropper in Ref 15 is different from our paper. For any realistic quantum cryptography protocol, or any cryptography in general, the Eve will find the weakest link in the security chain. If she can just bribe Alice or Bob for the secret message, she should just do that. Here we explore an eavedropping mechanism that actually works and can successfully obtain the secret message, rather than the very popular hack that everyone knows about but never works and will never work. Nevertheless, I list the following comments which I hope could make the text more accessible to non experts: 1) I have noticed some specific expressions which, to my knowledge, should not be assumed to be familiar in advance. In fact, "quarter wave plate", "mutually unbiased basis", "one time pad", “device independent QKD protocol”, “symmetric key”, “beam splitter”, and “XOR" are not common terms acknowledged by usual readers of the journal. These concepts should be explained in the main text. NOT FAIR. ADRIAN: we have expand and improve some of the expressions. Quarter-wave plate: the mechanism of the quarter wave plate has already already explained in figure 2 caption and in section 3.A. Mutually unbiased basis: {{{we will work on this}}} One time pad: {{{we need to explain this as well}}} DI QKD protocol: it is not necessary to understand DI QKD for this paper, and interested readers are referred to the suitable reference. Symmetric key: not sure how to explain it even further, but we add a symmetric keyword in the "safely" distributed key (paragraph 1). beam splitter: the mechanism of the beam splitter has been explained in the main text (3.D.). In addition, {{{we have to work on the word intercept}}}. 2) In beginning of the second paragraph of the Introduction, there should be added that the security of the protocol is based both on the no cloning theorem and on the capability of identifying the presence of an eavesdropper. Still in the same paragraph, after the sentence "These invention spurred..." there should be mentioned some of the companies which today make quantum cryptography products available for the market. ADRIAN (content), JW (edit): The security of the QKD protocol should not be dependent upon the capability of identifying the presence of an eavesdropper. For example, in the ideal BB84 scenario, Eve can split off some of the beam, and Bob won't be able to notice her, except for the fact that the channel becomes more lossy. The reason why Eve can't gain any information about the secret key has nothing to do with whether Bob notices Eve or not. Thus, only if Eve decides to resend the intercepted photon to Bob, then will Bob be able to identify her presence. This idea of "identifying eavesdropper presence" is not general for all attack scenarios. We don't think mentioning any quantum crypto companies would be beneficial to the paper, as a lot of them are still in developing phases, and interested reader can just google which are the most well-funded, or the biggest at the time. 3) By the end of the second paragraph of the Introduction, one can find the pair of sentences “There now exist several QKD demonstrations for non-experts which focus on the key distribution step of the protocol. However, since QKD and encryption are both non-trivial concepts, a session that implements both steps facilitates learners to arrive at a holistic understanding of how quantum cryptography is used to transmit a private message." The language is not precise in these sentences. In fact, the BB84 protocol aims exclusively at the transmission of the secret key. The second sentence may induce one to think that encryption belongs to the protocol and, in doing so, also uses quantum resources. MATHIAS: Thanks, indeed the wording was vague. We hope that our goal, namely teaching a holistic understanding of the role QKD plays in encryption, is clearer now. 4) The usage of infrared pulses, instead of visible light, for the classical channel should be justified. JW: widely available IR tranceivers. remote controls are in every house; pedagogical purpose. 5) The BB84 protocol’s description on Section II is not as clear as it should be for the lay reader. Definitely, Fig.1 should have been explained in details in the main text, given that it is essential for the proper understanding of anyone who is not an active reader in the area. A simple title in the caption is not of much use. JW: Increase fig caption. Explain A, X, polariation, what's sent through classical channel, unalabelled row of polarizations... 6) Still in Section II, item 2, in the sentence "The intensity values are categorized into low and high values and recorded as B = {b1, b2, ..., bn}, with bi ∈ [0, 1]. In fact, when the basis does not match, one measures medium values for the intensity. How is this case categorized? How is the threshold established given the presence of noise to really simulate measures at random when bases do not match? This point should be made clear for the readers. In item 3, I suggest the last sentence to be altered to read "Second, to learn about the state transmitted to Bob, Eve would have to perform a measurement which inadvertently disturbs the state and may reveal herself”. It is worth to mention that in the original BB84 quantum protocol a fraction of qubits are publicly compared for disagreement (and though not used for the secret key) in order for them to check the presence of an eavesdropper. JW: Side channel attack just lowers efficiency, does not reveal Eve. what reviewer says is only true to send-resend attacks. 7) Figure 5 is not referenced in any part of the main text. ADRIAN: Added the links to Figure 3, 5 and 7 in the main text. 8) Figure 8 and its corresponding explanation text are incomprehensible for those who do not know the “K-means clustering algorithm". Besides, which are photodiodes 1 and 2? In Fig 2, since at least one of the photodiodes on Eve’s apparatus is right after a beam splitter, it must measure a constant intensity from the incoming beam. How can one measure different intensity values as suggested by Fig. 8? What do mean the different colours? What does Eve extract from the graph of Figure 8 and why does she need such a brutal force method to derive the key? JW: 9) Figure 9 is also not referenced in any part of the main text. ADRIAN: added the link to Figure 9 in the main text. ==REVIEWER 3== In this paper, the authors report on a workshop exercise they have developed and used with high school students to convey concepts involved in quantum key distribution. The experiment the students perform is not actual quantum key distribution, because it does not entail the production or measurement of single photons or of light pulses approximating single photons. Instead, the pulses are large, and an eavesdropper can easily divert part of each pulse for measurement. The paper is somewhat analogous to other papers that have been published in AJP showing how the concepts of quantum cryptography can be conveyed through activities that do not require doing actual quantum cryptography. Examples are cited in the paper as Refs. 14, 16 and 17. It appears that the authors’ teaching strategy has been a success. I expect the students would come away with a reasonable understanding of the principles, and I can see how the experience could be engaging and enjoyable. Moreover, the paper itself is well written. I think a version of the paper could be appropriate for AJP. However, it seems to me that, considering the subject matter, the paper as it stands is too long and includes too many technical details. Let me contrast the paper with Refs. 16 and 17, which describe games that illustrate quantum cryptography and other quantum ideas. In those papers, it was necessary to explain the games in some detail, because the games were quite novel and were not at all standard. In contrast, the authors of this new paper are using the standard BB84 polarizations and the standard BB84 measurements. Anyone familiar with the BB84 protocol would be able to imagine something like the authors’ set-up once they know that the authors are carrying out a simulation of the BB84 protocol with large laser pulses. It does not seem appropriate to me to use precious pages of AJP to explain the technical details of the apparatus. I would recommend that the authors submit a version of the paper about half the length of the current version. Of course the BB84 protocol needs to be explained briefly, and the basic scheme of the apparatus needs to be presented (also briefly), but the primary focus should be the pedagogical method and the students’ experiences: how the students were broken into teams, what each team did, how they reported to each other, how they responded to the experience. Perhaps technical details could be made available to interested readers at some other site, just as the Arduino and Python programs are currently made available. GENERAL RESPONSE (ADRIAN): We agree with the reviewer's comment that the paper might be a bit too long and might contain too many technical details, and as the response to that, we have reduced or relegate to the footnotes some of less important technical details. {{should we do the above?}} However, we still find that some of the technical descriptions of the apparatus are probably necessary for the more technically-inclined readers, or for the teachers who were browsing through to gauge the complexity of the setup. We wish to communicate the message that the setup is really not complex, and anyone with a basic experimental background should be able to build it. We have also included pictures of the real setup, so that the readers can imagine what the setup would finally look like. In addition, we could not assume that the standard AJP readers are familiar with the standard BB84 polarization, measurement, or setup. We have to give a benefit of the doubt to the readers, and produce a self-contained paper about BB84, regardless of whether it is standard in our specialized trade. Hence, we don't think that reducing the length to be half of the current one would be appropriate. The original word count is around 5100 words (including Appendixes and figure captions, excluding Acknowledgement and Appendices), and after removing a few of the technicalities, we have reduced it to 4600 by reworking on the technicalities, which is already the standard length of AJP papers. Currently, the discussion on the pedagogical methods and the student experiences (Section 4) consists of around 1400 words, which is higher than Section 3 consisting of 1200 words (including figure caption). We appreciate the comment from the reviewer, in the sense that, there are a lot of readers who are more interested in the pedagogical aspect of the workshop, while we came from a more experimentalist background and are naturally interested in the more technical aspect. We obviously don't want to torture them through Section 3 lah... We hope that the current version satisfy this issue. LIST OF CHANGES: 1. Added ", a quarter-wave plate " in the main text(III.A). Rework on caption in Figure 2. Simplify caption on figure 4 (if not, it might be too repetitive). The explanation of the quarter-wave plate in the main text goes on the footnote. 2. The explanation of a visibility measurement goes on the footnote. 3. The generation and syncing process for each qubit goes on the footnote. 4. The discussion about the key length in the main text (III.C) goes on the footnote. 5. Reduce the discussion about Eve's role in Fig2 to refer to the main text. 6. Rewriting (using words from Fig2) section III.C to motivate the two basis measurement. Moving the details of the noise sources and the angle to the footnote. 7. Move the discussion on the solid angle to the figure caption 7. I also have a few specific suggestions: 1. The way the eavesdropper deals with missing out on the polarization calibration is interesting, but I think the authors should point out that no physical principle prevents the eavesdropper from participating in this calibration procedure. I assume the authors prevented Eve from doing so in order to introduce the students to the use of a clustering algorithm and to have them use the cryptanalytic method of looking for meaningful text. 2. I found myself cringing every time the word “qubit” was used to refer to the information content of a laser pulse. The laser pulse is not a qubit but is playing the role of a qubit in this simulation of quantum key distribution. Perhaps the authors could instead use “simulated qubit,” or could explain clearly that they will be using the word “qubit” in a loose sense, to refer to a simulated qubit. 3. In citing the no-cloning theorem, along with the Wootters-Zurek paper, I would recommend also citing D. Dieks, “Communication by EPR Devices,” Phys. Lett. A 92, 271 (1982), which presents essentially the same no-cloning argument. ADRIAN: added the reference, thanks for the suggestion!