Tony Metger,Renato Renner

DOI: https://doi.org/10.1038/s41467-023-40920-8

2023-11-18

Abstract:The goal of quantum key distribution (QKD) is to establish a secure key between two parties connected by an insecure quantum channel. To use a QKD protocol in practice, one has to prove that a finite size key is secure against general attacks: no matter the adversary's attack, they cannot gain useful information about the key. A much simpler task is to prove security against collective attacks, where the adversary is assumed to behave identically and independently in each round. In this work, we provide a formal framework for general QKD protocols and show that for any protocol that can be expressed in this framework, security against general attacks reduces to security against collective attacks, which in turn reduces to a numerical computation. Our proof relies on a recently developed information-theoretic tool called generalised entropy accumulation and can handle generic prepare-and-measure protocols directly without switching to an entanglement-based version.

Quantum Physics

Horace P. Yuen

DOI: https://doi.org/10.48550/arXiv.1109.2675

2011-11-09

Abstract:The security significance of the trace distance security criterion $d$ is analyzed in terms of operational probabilities of an attacker's success in identifying different subsets of the generated key, both during the key generation process and when the key is used in one-time pad data encryption under known-plaintext attacks. The difference between Eve's sequence error rate and bit error rate is brought out. It is shown with counter-examples that the strong security claim maintained in the literature is incorrect. Other than the whole key error rates that can be quantified at the levels d^{1/3} and d^{1/4} which are much worse than $d$ itself, the attacker's success probabilities in estimating various subsets of the key and in known-plaintext attacks are yet to be quantified from $d$ if possible. It is demonstrated in realistic numerical examples of concrete protocols that drastic breach of security cannot yet be ruled out.

Quantum Physics

Guillermo Currás-Lorenzo,Margarida Pereira,Go Kato,Marcos Curty,Kiyoshi Tamaki

2024-07-23

Abstract:Quantum key distribution (QKD) can theoretically achieve the Holy Grail of cryptography, information-theoretic security against eavesdropping. However, in practice, discrepancies between the mathematical models assumed in security proofs and the actual functioning of the devices used in implementations prevent it from reaching this goal. Device-independent QKD is currently not a satisfactory solution to this problem, as its performance is extremely poor and most of its security proofs assume that the user devices leak absolutely no information to the outside. On the other hand, measurement-device-independent (MDI) QKD can guarantee security with arbitrarily flawed receivers while achieving high performance, and the remaining challenge is ensuring its security in the presence of source imperfections. So far, all efforts in this regard have come at a price; some proofs are suitable only for particular source imperfections, while others severely compromise the system's performance, i.e., its communication speed and distance. Here, we overcome these crucial problems by presenting a security proof in the finite-key regime against coherent attacks that can incorporate general encoding imperfections and side channels while achieving much higher performances than previous approaches. Moreover, our proof requires minimal state characterization, which facilitates its application to real-life implementations.

Quantum Physics

Michel Boyer,Gilles Brassard,Nicolas Godbout,Rotem Liss,Stéphane Virally

DOI: https://doi.org/10.3390/quantum5010005

2023-07-04

Abstract:Quantum key distribution (QKD) protocols aim at allowing two parties to generate a secret shared key. While many QKD protocols have been proven unconditionally secure in theory, practical security analyses of experimental QKD implementations typically do not take into account all possible loopholes, and practical devices are still not fully characterized for obtaining tight and realistic key rates. We present a simple method of computing secure key rates for any practical implementation of discrete-variable QKD (which can also apply to measurement-device-independent QKD), initially in the single-qubit lossless regime, and we rigorously prove its unconditional security against any possible attack. We hope our method becomes one of the standard tools used for analysing, benchmarking, and standardizing all practical realizations of QKD.

Quantum Physics,Cryptography and Security

Matthias Christandl,Renato Renner,Artur Ekert

2004-01-01

Abstract:Quantum key distribution allows two parties, traditionally known as Alice and Bob, to establish a secure random cryptographic key if, firstly, they have access to a quantum communication channel, and secondly, they can exchange classical public messages which can be monitored but not altered by an eavesdropper, Eve. Quantum key distribution provides perfect security because, unlike its classical counterpart, it relies on the laws of physics rather than on ensuring that successful eavesdropping would require excessive computational effort. However, security proofs of quantum key distribution are not trivial and are usually restricted in their applicability to specific protocols. In contrast, we present a general and conceptually simple proof which can be applied to a number of different protocols. It relies on the fact that a cryptographic procedure called privacy amplification is equally secure when an adversary’s memory for data storage is quantum rather than classical [1].

Zhengyu Li,Yi-Chen Zhang,Hong Guo

DOI: https://doi.org/10.48550/arxiv.1805.04249

2018-01-01

Abstract:Quantum key distribution (QKD) provides secure keys resistant to code-breaking quantum computers. As headed towards commercial application, it is crucial to guarantee the practical security of QKD systems. However, the difficulty of security proof limits the flexibility of protocol proposals, which may not fulfill with real application requirements. Here we show a protocol design framework that allows one to securely construct the protocol using arbitrary non-orthogonal states. Multi-mode entangled source is virtually introduced for the security analysis, while coherent measurement is used to provide raw data. This 'arbitrary' feature reverses the traditional protocol-decide-the-system working style, such that the protocol design now can follow what the system generates. We show a valuable showcase, which not only solves the security challenge of discrete-modulated coherent states, but also achieves high performance with no more than 256 coherent states. Our findings lower the requirement for system venders with off-the-shell devices, thus will promote the commercialization of QKD.

Zehong Chang,Fumin Wang,Xiaoli Wang,Xiaofei Liu,Rongqian Wu,Yi lv,Pei Zhang

2021-01-01

Abstract: Quantum key distribution (QKD) gradually has become a crucial element of practical secure communication. In different scenarios, the security analysis of genuine QKD systems is complicated. A universal secret key rate calculation method, used for realistic factors such as multiple degrees of freedom encoding, asymmetric protocol structures, equipment flaws, environmental noise, and so on, is still lacking. Based on the correlations of statistical data, we propose a security analysis method without restriction on encoding schemes. This method makes a trade-off between applicability and accuracy, which can effectively analyze various existing QKD systems. We illustrate its ability by analyzing source flaws and a high-dimensional asymmetric protocol. Results imply that our method can give tighter bounds than the Gottesman-Lo-L\"utkenhaus-Preskill (GLLP) analysis and is beneficial to analyze protocols with complex encoding structures. Our work has the potential to become a reference standard for the security analysis of practical QKD.

Marcos Curty,Feihu Xu,Wei Cui,Charles Ci Wen Lim,Kiyoshi Tamaki,Hoi-Kwong Lo

DOI: https://doi.org/10.1038/ncomms4732

IF: 16.6

2014-01-01

Nature Communications

Abstract:Quantum key distribution promises unconditionally secure communications. However, as practical devices tend to deviate from their specifications, the security of some practical systems is no longer valid. In particular, an adversary can exploit imperfect detectors to learn a large part of the secret key, even though the security proof claims otherwise. Recently, a practical approach—measurement-device-independent quantum key distribution—has been proposed to solve this problem. However, so far its security has only been fully proven under the assumption that the legitimate users of the system have unlimited resources. Here we fill this gap and provide a rigorous security proof against general attacks in the finite-key regime. This is obtained by applying large deviation theory, specifically the Chernoff bound, to perform parameter estimation. For the first time we demonstrate the feasibility of long-distance implementations of measurement-device-independent quantum key distribution within a reasonable time-frame of signal transmission.

Joseph M. Renes,Markus Grassl

DOI: https://doi.org/10.1103/PhysRevA.74.022317

2006-08-29

Abstract:Prepare and measure quantum key distribution protocols can be decomposed into two basic steps: delivery of the signals over a quantum channel and distillation of a secret key from the signal and measurement records by classical processing and public communication. Here we formalize the distillation process for a general protocol in a purely quantum-mechanical framework and demonstrate that it can be viewed as creating an ``effective'' quantum channel between the legitimate users Alice and Bob. The process of secret key generation can then be viewed as entanglement distribution using this channel, which enables application of entanglement-based security proofs to essentially any prepare and measure protocol. To ensure secrecy of the key, Alice and Bob must be able to estimate the channel noise from errors in the key, and we further show how symmetries of the distillation process simplify this task. Applying this method, we prove the security of several key distribution protocols based on equiangular spherical codes.

Quantum Physics

Walter O. Krawec

DOI: https://doi.org/10.48550/arXiv.2203.02989

2022-03-06

Abstract:Two-way quantum key distribution protocols utilize bi-directional quantum communication to establish a shared secret key. Due to the increased attack surface, security analyses remain challenging. Here we investigate a high-dimensional variant of the Ping Pong protocol and perform an information theoretic security analysis in the finite-key setting. Our methods may be broadly applicable to other QKD protocols, especially those relying on two-way channels. Along the way, we show some fascinating benefits to high-dimensional quantum states applied to two-way quantum communication.

Quantum Physics

Li Fang-Yi,Yin Zhen-Qiang,Li Hong-Wei,Chen Wei,Wang Shuang,Wen Hao,Zhao Yi-Bo,Han Zheng-Fu

DOI: https://doi.org/10.1088/0256-307x/31/7/070302

2014-01-01

Chinese Physics Letters

Abstract:Although some ideal quantum key distribution protocols have been proved to be secure, there have been some demonstrations that practical quantum key distribution implementations were hacked due to some real-life imperfections. Among these attacks, detector side channel attacks may be the most serious. Recently, a measurement device independent quantum key distribution protocol [Phys. Rev. Lett. 108 (2012) 130503] was proposed and all detector side channel attacks are removed in this scheme. Here a new security proof based on quantum information theory is given. The eavesdropper's information of the sifted key bits is bounded. Then with this bound, the final secure key bit rate can be obtained.

Hua-Lei Yin,Min-Gang Zhou,Jie Gu,Yuan-Mei Xie,Yu-Shuo Lu,Zeng-Bing Chen

DOI: https://doi.org/10.1038/s41598-020-71107-6

IF: 4.6

2020-01-01

Scientific Reports

Abstract:The BB84 quantum key distribution (QKD) combined with decoy-state method is currently the most practical protocol, which has been proved secure against general attacks in the finite-key regime. Thereinto, statistical fluctuation analysis methods are very important in dealing with finite-key effects, which directly affect secret key rate, secure transmission distance and most importantly, the security. There are two tasks of statistical fluctuation in decoy-state BB84 QKD. One is the deviation between expected value and observed value for a given expected value or observed value. The other is the deviation between phase error rate of computational basis and bit error rate of dual basis. Here, we provide the rigorous and optimal analytic formula to solve the above tasks, resulting to higher secret key rate and longer secure transmission distance. Our results can be widely applied to deal with statistical fluctuation in quantum cryptography protocols.

Yi Zhao,Bing Qi,Hoi-Kwong Lo

DOI: https://doi.org/10.1103/PhysRevA.77.052327

2008-05-26

Abstract:The security of a standard bi-directional "plug & play" quantum key distribution (QKD) system has been an open question for a long time. This is mainly because its source is equivalently controlled by an eavesdropper, which means the source is unknown and untrusted. Qualitative discussion on this subject has been made previously. In this paper, we present the first quantitative security analysis on a general class of QKD protocols whose sources are unknown and untrusted. The securities of standard BB84 protocol, weak+vacuum decoy state protocol, and one-decoy decoy state protocol, with unknown and untrusted sources are rigorously proved. We derive rigorous lower bounds to the secure key generation rates of the above three protocols. Our numerical simulation results show that QKD with an untrusted source gives a key generation rate that is close to that with a trusted source.

Quantum Physics

Aysajan Abidin,Jan-Åke Larsson

DOI: https://doi.org/10.48550/arXiv.1109.5168

2011-09-23

Quantum Physics

Abstract:We study the security of a specific authentication procedure of interest in the context of Quantum Key Distribution (QKD). It works as follows: use a secret but fixed Strongly Universal$_2$ (SU$_2$) hash function and encrypt the output tag with a one-time pad (OTP). If the OTP is completely secret, the expected time for an adversary to create a tag for a chosen message is exponential in the tag length. If, however, the OTP is partially known in each authentication round, as is the case in practical QKD protocols, then the picture is different; the adversary's partial knowledge of the OTP in each authentication round gives partial information on the secret hash function, and this weakens the authentication in later rounds. The effect of this is that the lifetime of the system is linear in the length of the fixed key. This is supported by the composability theorem for QKD, that in this setting provides an upper bound to the security loss on the secret hash function, which is exponential in the number of authentication rounds. This needs to be taken into account when using the protocol, since the authentication gets weakened at each subsequent round and thus the QKD generated is key is not as strong as when the authentication is strong. Some countermeasures are discussed at the end of this paper.

Ignatius William Primaatmaja,Wen Yu Kon,Charles Lim

2024-10-19

Abstract:In recent years, discrete-modulated continuous-variable quantum key distribution (DM-CV-QKD) has gained traction due to its practical advantages: cost-effectiveness, simple state preparation, and compatibility with existing communication technologies. This work presents a security analysis of DM-CV-QKD against general sequential attacks, including finite-size effects. Remarkably, our proof considers attacks that are neither independent nor identical, and makes no assumptions about the Hilbert space dimension of the receiver. To analyse the security, we leverage the recent generalised entropy accumulation theorem and the numerical methods based on quasi-relative entropy. We also develop a novel dimension reduction technique which is compatible with the entropy accumulation framework. While our analysis reveals significant finite-size corrections to the key rate, the protocol might still offer advantages in specific scenarios due to its practical merits. Our work also offers some insights on how future security proofs can improve the security bounds derived in this work.

Quantum Physics

Michele Mosca,Douglas Stebila,Berkant Ustaoğlu

DOI: https://doi.org/10.1007/978-3-642-38616-9_9

2013-01-01

Abstract:Key establishment is a crucial primitive for building secure channels in a multi-party setting. Without quantum mechanics, key establishment can only be done under the assumption that some computational problem is hard. Since digital communication can be easily eavesdropped and recorded, it is important to consider the secrecy of information anticipating future algorithmic and computational discoveries which could break the secrecy of past keys, violating the secrecy of the confidential channel.Quantum key distribution (QKD) can be used generate secret keys that are secure against any future algorithmic or computational improvements. QKD protocols still require authentication of classical communication, although existing security proofs of QKD typically assume idealized authentication. It is generally considered folklore that QKD when used with computationally secure authentication is still secure against an unbounded adversary, provided the adversary did not break the authentication during the run of the protocol.We describe a security model for quantum key distribution extending classical authenticated key exchange (AKE) security models. Using our model, we characterize the long-term security of the BB84 QKD protocol with computationally secure authentication against an eventually unbounded adversary. By basing our model on traditional AKE models, we can more readily compare the relative merits of various forms of QKD and existing classical AKE protocols. This comparison illustrates in which types of adversarial environments different quantum and classical key agreement protocols can be secure.

Hong-Yi Su

2023-12-11

Abstract:We present a generic study on the information-theoretic security of multi-setting device-independent quantum key distribution protocols, i.e., ones that involve more than two measurements (or inputs) for each party to perform, and yield dichotomic results (or outputs). The approach we develop, when applied in protocols with either symmetric or asymmetric Bell experiments, yields nontrivial upper bounds on the secure key rates, along with the detection efficiencies required upon the measuring devices. The results imply that increasing the number of measurements may lower the detection efficiency required by the security criterion. The improvement, however, depends on (i) the choice of multi-setting Bell inequalities chosen to be tested in a protocol, and (ii) either a symmetric or asymmetric Bell experiment is considered. Our results serve as an advance toward the quest for evaluating security and reducing efficiency requirement of applying device-independent quantum key distribution in scenarios without heralding.

Quantum Physics

Chi-Hang Fred Fung,Xiongfeng Ma,H. F. Chau

DOI: https://doi.org/10.1103/physreva.81.012318

2010-01-01

Abstract:Quantum key distribution (QKD) is a secure key generation method between two distant parties by wisely exploiting properties of quantum mechanics. In QKD, experimental measurement outcomes on quantum states are transformed by the two parties to a secret key. This transformation is composed of many logical steps (as guided by security proofs), which together will ultimately determine the length of the final secret key and its security. We detail the procedure for performing such classical postprocessing taking into account practical concerns (including the finite-size effect and authentication and encryption for classical communications). This procedure is directly applicable to realistic QKD experiments and thus serves as a recipe that specifies what postprocessing operations are needed and what the security level is for certain lengths of the keys. Our result is applicable to the BB84 protocol with a single or entangled photon source.

Federico Grasselli,Giovanni Chesi,Nathan Walk,Hermann Kampermann,Adam Widomski,Maciej Ogrodnik,Michał Karpiński,Chiara Macchiavello,Dagmar Bruß,Nikolai Wyderka

2024-11-30

Abstract:Quantum Key Distribution (QKD) is a promising technology for secure communication. Nevertheless, QKD is still treated with caution in certain contexts due to potential gaps between theoretical models and actual QKD implementations. A common assumption in security proofs is that the detection probability at the receiver, for a given input state, is independent of the measurement basis, which might not always be verified and could lead to security loopholes. This paper presents a security proof for QKD protocols that does not rely on the above assumption and is thus applicable in scenarios with detection probability mismatches, even when induced by the adversary. We demonstrate, through simulations, that our proof can extract positive key rates for setups vulnerable to large detection probability mismatches. This is achieved by monitoring whether an adversary is actively exploiting such vulnerabilities, instead of considering the worst-case scenario as in previous proofs. Our work highlights the importance of accounting for basis-dependent detection probabilities and provides a concrete solution for improving the security of practical QKD systems.

Quantum Physics

Víctor Zapatero,Álvaro Navarrete,Marcos Curty

2023-10-31

Abstract:The problem of implementation security in quantum key distribution (QKD) refers to the difficulty of meeting the requirements of mathematical security proofs in real-life QKD systems. Here, we provide a succint review on this topic, focusing on discrete variable QKD setups. Particularly, we discuss some of their main vulnerabilities and comment on possible approaches to overcome them.

Quantum Physics