-
Bounds on Petz-Rényi Divergences and their Applications for Device-Independent Cryptography
Authors:
Thomas A. Hahn,
Ernest Y. -Z. Tan,
Peter Brown
Abstract:
Variational techniques have been recently developed to find tighter bounds on the von Neumann entropy in a completely device-independent (DI) setting. This, in turn, has led to significantly improved key rates of DI protocols, in both the asymptotic limit as well as in the finite-size regime. In this paper, we discuss two approaches towards applying these variational methods for Petz-Rényi divergences instead. We then show how this can be used to further improve the finite-size key rate of DI protocols, utilizing a fully-Rényi entropy accumulation theorem developed in a partner work. Petz-Rényi divergences can also be applied to study DI advantage distillation, in which two-way communication is used to improve the noise tolerance of quantum key distribution (QKD) protocols. We implement these techniques to derive increased noise tolerances for DIQKD protocols, which surpass all previous known bounds.
Submitted 22 August, 2024;
originally announced August 2024.
-
Mutual information chain rules for security proofs robust against device imperfections
Authors:
Amir Arqand,
Tony Metger,
Ernest Y. -Z. Tan
Abstract:
In this work we derive a number of chain rules for mutual information quantities, suitable for analyzing quantum cryptography with imperfect devices that leak additional information to an adversary. First, we derive a chain rule between smooth min-entropy and smooth max-information, which improves over previous chain rules for characterizing one-shot information leakage caused by an additional conditioning register. Second, we derive an "information bounding theorem" that bounds the Rényi mutual information of a state produced by a sequence of channels, in terms of the Rényi mutual information of the individual channel outputs, similar to entropy accumulation theorems. In particular, this yields simple bounds on the smooth max-information in the preceding chain rule. Third, we derive chain rules between Rényi entropies and Rényi mutual information, which can be used to modify the entropy accumulation theorem to accommodate leakage registers sent to the adversary in each round of a protocol. We show that these results can be used to handle some device imperfections in a variety of device-dependent and device-independent protocols, such as randomness generation and quantum key distribution.
Submitted 12 October, 2024; v1 submitted 29 July, 2024;
originally announced July 2024.
-
Finite-size analysis of prepare-and-measure and decoy-state QKD via entropy accumulation
Authors:
Lars Kamin,
Amir Arqand,
Ian George,
Norbert Lütkenhaus,
Ernest Y. -Z. Tan
Abstract:
An important goal in quantum key distribution (QKD) is the task of providing a finite-size security proof without the assumption of collective attacks. For prepare-and-measure QKD, one approach for obtaining such proofs is the generalized entropy accumulation theorem (GEAT), but thus far it has only been applied to study a small selection of protocols. In this work, we present techniques for applying the GEAT in finite-size analysis of generic prepare-and-measure protocols, with a focus on decoy-state protocols. In particular, we present an improved approach for computing entropy bounds for decoy-state protocols, which has the dual benefits of providing tighter bounds than previous approaches (even asymptotically) and being compatible with methods for computing min-tradeoff functions in the GEAT. Furthermore, we develop methods to incorporate some improvements to the finite-size terms in the GEAT, and implement techniques to automatically optimize the min-tradeoff function. Our approach also addresses some numerical stability challenges specific to prepare-and-measure protocols, which were not addressed in previous works.
Submitted 14 August, 2024; v1 submitted 14 June, 2024;
originally announced June 2024.
-
Generalized Rényi entropy accumulation theorem and generalized quantum probability estimation
Authors:
Amir Arqand,
Thomas A. Hahn,
Ernest Y. -Z. Tan
Abstract:
The entropy accumulation theorem, and its subsequent generalized version, is a powerful tool in the security analysis of many device-dependent and device-independent cryptography protocols. However, it has the drawback that the finite-size bounds it yields are not necessarily optimal, and furthermore it relies on the construction of an affine min-tradeoff function, which can often be challenging to construct optimally in practice. In this work, we address both of these challenges simultaneously by deriving a new entropy accumulation bound. Our bound yields significantly better finite-size performance, and can be computed as an intuitively interpretable convex optimization, without any specification of affine min-tradeoff functions. Furthermore, it can be applied directly at the level of Rényi entropies if desired, yielding fully-Rényi security proofs. Our proof techniques are based on elaborating on a connection between entropy accumulation and the frameworks of quantum probability estimation or $f$-weighted Rényi entropies, and in the process we obtain some new results with respect to those frameworks as well. In particular, those findings imply that our bounds apply to prepare-and-measure protocols without the virtual tomography procedures or repetition-rate restrictions previously required for entropy accumulation.
Submitted 8 July, 2024; v1 submitted 9 May, 2024;
originally announced May 2024.
-
Entropy bounds for device-independent quantum key distribution with local Bell test
Authors:
Ernest Y. -Z. Tan,
Ramona Wolf
Abstract:
One of the main challenges in device-independent quantum key distribution (DIQKD) is achieving the required Bell violation over long distances, as the channel losses result in low overall detection efficiencies. Recent works have explored the concept of certifying nonlocal correlations over extended distances through the use of a local Bell test. Here, an additional quantum device is placed in close proximity to one party, using short-distance correlations to verify nonlocal behavior at long distances. However, existing works have either not resolved the question of DIQKD security against active attackers in this setup, or used methods that do not yield tight bounds on the keyrates. In this work, we introduce a general formulation of the keyrate computation task in this setup that can be combined with recently developed methods for analyzing standard DIQKD. Using this method, we show that if the short-distance devices exhibit sufficiently high detection efficiencies, positive keyrates can be achieved in the long-distance branch with lower detection efficiencies as compared to standard DIQKD setups. This highlights the potential for improved performance of DIQKD over extended distances in scenarios where short-distance correlations are leveraged to validate quantum correlations.
Submitted 9 October, 2024; v1 submitted 31 March, 2024;
originally announced April 2024.
-
Postselection technique for optical Quantum Key Distribution with improved de Finetti reductions
Authors:
Shlok Nahar,
Devashish Tupkary,
Yuming Zhao,
Norbert Lütkenhaus,
Ernest Y. -Z. Tan
Abstract:
The postselection technique is an important proof technique for proving the security of quantum key distribution protocols against coherent attacks. In this work, we go through multiple steps to rigorously apply the postselection technique to optical quantum key distribution protocols. First, we place the postselection technique on a rigorous mathematical foundation by fixing a technical flaw in the original postselection paper. Second, we extend the applicability of the postselection technique to prepare-and-measure protocols by using a de Finetti reduction with a fixed marginal. Third, we show how the postselection technique can be used for decoy-state protocols by tagging the source. Finally, we extend the applicability of the postselection technique to realistic optical setups by developing a new variant of the flag-state squasher. We also improve existing de Finetti reductions, which reduce the effect of using the postselection technique on the key rate. These improvements can be more generally applied to other quantum information processing tasks. As an example to demonstrate the applicability of our work, we apply our results to the time-bin encoded three-state protocol. We observe that the postselection technique performs better than all other known proof techniques against coherent attacks.
Submitted 16 October, 2024; v1 submitted 18 March, 2024;
originally announced March 2024.
-
Security Proof for Variable-Length Quantum Key Distribution
Authors:
Devashish Tupkary,
Ernest Y. -Z. Tan,
Norbert Lütkenhaus
Abstract:
We present a security proof for variable-length QKD in the Renner framework against IID collective attacks. Our proof can be lifted to coherent attacks using the postselection technique. Our first main result is a theorem to convert a series of security proofs for fixed-length protocols satisfying certain conditions to a security proof for a variable-length protocol. This conversion requires no new calculations, does not require any changes to the final key lengths or the amount of error-correction information, and at most doubles the security parameter. Our second main result is the description and security proof of a more general class of variable-length QKD protocols, which does not require characterizing the honest behaviour of the channel connecting the users before the execution of the QKD protocol. Instead, these protocols adaptively determine the length of the final key, and the amount of information to be used for error-correction, based upon the observations made during the protocol. We apply these results to the qubit BB84 protocol, and show that variable-length implementations lead to higher expected key rates than the fixed-length implementations.
Submitted 10 May, 2024; v1 submitted 2 November, 2023;
originally announced November 2023.
-
Memory effects in device-dependent and device-independent cryptography
Authors:
Ernest Y. -Z. Tan
Abstract:
In device-independent cryptography, it is known that reuse of devices across multiple protocol instances can introduce a vulnerability against memory attacks. This is an introductory note to highlight that even if we restrict ourselves to device-dependent QKD and only consider a single protocol instance, memory effects across rounds are enough to cause substantial difficulties in applying many existing non-IID proof techniques, such as de Finetti reductions and complementarity-based arguments (e.g. analysis of phase errors). We present a quick discussion of these issues, including some tailored scenarios where protocols admitting security proofs via those techniques become insecure when memory effects are allowed, and we highlight connections to recently discussed attacks on DIQKD protocols that have public announcements based on the measurement outcomes. This discussion indicates the challenges that would need to be addressed in order to apply those techniques in the presence of memory effects (for either the device-dependent or device-independent case), even for a single protocol instance.
Submitted 15 August, 2023;
originally announced August 2023.
-
Robustness of implemented device-independent protocols against constrained leakage
Authors:
Ernest Y. -Z. Tan
Abstract:
Device-independent (DI) protocols have experienced significant progress in recent years, with a series of demonstrations of DI randomness generation or expansion, as well as DI quantum key distribution. However, existing security proofs for those demonstrations rely on a typical assumption in DI cryptography, that the devices do not leak any unwanted information to each other or to an adversary. This assumption may be difficult to perfectly enforce in practice. While there exist other DI security proofs that account for a constrained amount of such leakage, the techniques used are somewhat unsuited for analyzing the recent DI protocol demonstrations. In this work, we address this issue by studying a constrained leakage model suited for this purpose, which should also be relevant for future similar experiments. Our proof structure is compatible with recent proof techniques for flexibly analyzing a wide range of DI protocol implementations. With our approach, we compute some estimates of the effects of leakage on the keyrates of those protocols, hence providing a clearer understanding of the amount of leakage that can be allowed while still obtaining positive keyrates.
Submitted 4 July, 2023; v1 submitted 27 February, 2023;
originally announced February 2023.
-
The Quantum Chernoff Divergence in Advantage Distillation for QKD and DIQKD
Authors:
Mikka Stasiuk,
Norbert Lütkenhaus,
Ernest Y. -Z. Tan
Abstract:
Device-independent quantum key distribution (DIQKD) aims to mitigate adversarial exploitation of imperfections in quantum devices, by providing an approach for secret key distillation with modest security assumptions. Advantage distillation, a two-way communication procedure in error correction, has proven effective in raising noise tolerances in both device-dependent and device-independent QKD. Previously, device-independent security proofs against IID collective attacks were developed for an advantage distillation protocol known as the repetition-code protocol, based on security conditions involving the fidelity between some states in the protocol. However, there exists a gap between the sufficient and necessary security conditions, which hinders the calculation of tight noise-tolerance bounds based on the fidelity. We close this gap by presenting an alternative proof structure that replaces the fidelity with the quantum Chernoff divergence, a distinguishability measure that arises in symmetric hypothesis testing. Working in the IID collective attacks model, we derive matching sufficient and necessary conditions for the repetition-code protocol to be secure (up to a natural conjecture regarding the latter case) in terms of the quantum Chernoff divergence, hence indicating that this serves as the relevant quantity of interest for this protocol. Furthermore, using this security condition we obtain some improvements over previous results on the noise tolerance thresholds for DIQKD. Our results provide insight into a fundamental question in quantum information theory regarding the circumstances under which DIQKD is possible.
Submitted 20 December, 2022; v1 submitted 13 December, 2022;
originally announced December 2022.
-
Lipschitz continuity of quantum-classical conditional entropies with respect to angular distance and related properties
Authors:
Michael Liaofan Liu,
Florian Kanitschar,
Amir Arqand,
Ernest Y. -Z. Tan
Abstract:
We derive a Lipschitz continuity bound for quantum-classical conditional entropies with respect to angular distance, with a Lipschitz constant that is independent of the dimension of the conditioning system. This bound is sharper in some situations than previous continuity bounds, which were either based on trace distance (where Lipschitz continuity is not possible), or based on angular distance but did not include a conditioning system. However, we find that the bound does not directly generalize to fully quantum conditional entropies. To investigate possible counterexamples in that setting, we study the characterization of states which saturate the Fuchs–van de Graaf inequality and thus have angular distance approximately equal to trace distance. We give an exact characterization of such states in the invertible case. For the noninvertible case, we show that the situation appears to be significantly more elaborate, and seems to be strongly connected to the question of characterizing the set of fidelity-preserving measurements.
Submitted 22 March, 2023; v1 submitted 10 October, 2022;
originally announced October 2022.
-
Device-independent uncloneable encryption
Authors:
Srijita Kundu,
Ernest Y. -Z. Tan
Abstract:
Uncloneable encryption, first introduced by Broadbent and Lord (TQC 2020), is a quantum encryption scheme in which a quantum ciphertext cannot be distributed between two non-communicating parties such that, given access to the decryption key, both parties cannot learn the underlying plaintext. In this work, we introduce a variant of uncloneable encryption in which several possible decryption keys can decrypt a particular encryption, and the security requirement is that two parties who receive independently generated decryption keys cannot both learn the underlying ciphertext. We show that this variant of uncloneable encryption can be achieved device-independently, i.e., without trusting the quantum states and measurements used in the scheme, and that this variant works just as well as the original definition in constructing quantum money. Moreover, we show that a simple modification of our scheme yields a single-decryptor encryption scheme, which was a related notion introduced by Georgiou and Zhandry. In particular, the resulting single-decryptor encryption scheme achieves device-independent security with respect to a standard definition of security against random plaintexts. Finally, we derive an "extractor" result for a two-adversary scenario, which in particular yields a single-decryptor encryption scheme for single bit-messages that achieves perfect anti-piracy security without needing the quantum random oracle model.
Submitted 8 October, 2023; v1 submitted 3 October, 2022;
originally announced October 2022.
-
Security of device-independent quantum key distribution protocols: a review
Authors:
Ignatius W. Primaatmaja,
Koon Tong Goh,
Ernest Y. -Z. Tan,
John T. -F. Khoo,
Shouvik Ghorai,
Charles C. -W. Lim
Abstract:
Device-independent quantum key distribution (DI-QKD) is often seen as the ultimate key exchange protocol in terms of security, as it can be performed securely with uncharacterised black-box devices. The advent of DI-QKD closes several loopholes and side-channels that plague current QKD systems. While implementing DI-QKD protocols is technically challenging, there have been recent proof-of-principle demonstrations, resulting from the progress made in both theory and experiments. In this review, we will provide an introduction to DI-QKD, an overview of the related experiments performed, and the theory and techniques required to analyse its security. We conclude with an outlook on future DI-QKD research.
Submitted 17 February, 2023; v1 submitted 10 June, 2022;
originally announced June 2022.
-
Prospects for device-independent quantum key distribution
Authors:
Ernest Y. -Z. Tan
Abstract:
Device-independent quantum key distribution (DIQKD) aims to achieve secure key distribution with only minimal assumptions, by basing its security on the violation of Bell inequalities. While this offers strong security guarantees, it comes at the cost of being challenging to implement experimentally. In this thesis, we present security proofs for several techniques that help to improve the keyrates and noise tolerance of DIQKD, such as noisy preprocessing, random key measurements, and advantage distillation. We also show finite-size security proofs for some protocols based on combining several of these techniques. These results and proof techniques should be useful for further development of DIQKD protocols.
Submitted 25 May, 2024; v1 submitted 23 November, 2021;
originally announced November 2021.
-
Experimental quantum key distribution certified by Bell's theorem
Authors:
D. P. Nadlinger,
P. Drmota,
B. C. Nichol,
G. Araneda,
D. Main,
R. Srinivas,
D. M. Lucas,
C. J. Ballance,
K. Ivanov,
E. Y-Z. Tan,
P. Sekatski,
R. L. Urbanke,
R. Renner,
N. Sangouard,
J-D. Bancal
Abstract:
Cryptographic key exchange protocols traditionally rely on computational conjectures such as the hardness of prime factorisation to provide security against eavesdropping attacks. Remarkably, quantum key distribution protocols like the one proposed by Bennett and Brassard provide information-theoretic security against such attacks, a much stronger form of security unreachable by classical means. However, quantum protocols realised so far are subject to a new class of attacks exploiting implementation defects in the physical devices involved, as demonstrated in numerous ingenious experiments. Following the pioneering work of Ekert proposing the use of entanglement to bound an adversary's information from Bell's theorem, we present here the experimental realisation of a complete quantum key distribution protocol immune to these vulnerabilities. We achieve this by combining theoretical developments on finite-statistics analysis, error correction, and privacy amplification, with an event-ready scheme enabling the rapid generation of high-fidelity entanglement between two trapped-ion qubits connected by an optical fibre link. The secrecy of our key is guaranteed device-independently: it is based on the validity of quantum theory, and certified by measurement statistics observed during the experiment. Our result shows that provably secure cryptography with real-world devices is possible, and paves the way for further quantum information applications based on the device-independence principle.
Submitted 5 September, 2023; v1 submitted 29 September, 2021;
originally announced September 2021.
-
De Finetti Theorems for Quantum Conditional Probability Distributions with Symmetry
Authors:
Sven Jandura,
Ernest Y. -Z. Tan
Abstract:
The aim of device-independent quantum key distribution (DIQKD) is to study protocols that allow the generation of a secret shared key between two parties under minimal assumptions on the devices that produce the key. These devices are merely modeled as black boxes and mathematically described as conditional probability distributions. A major obstacle in the analysis of DIQKD protocols is the huge space of possible black box behaviors. De Finetti theorems can help to overcome this problem by reducing the analysis to black boxes that have an iid structure. Here we show two new de Finetti theorems that relate conditional probability distributions in the quantum set to de Finetti distributions (convex combinations of iid distributions), that are themselves in the quantum set. We also show how one of these de Finetti theorems can be used to enforce some restrictions onto the attacker of a DIQKD protocol. Finally we observe that some desirable strengthenings of this restriction, for instance to collective attacks only, are not straightforwardly possible.
Submitted 31 August, 2023; v1 submitted 18 August, 2021;
originally announced August 2021.
-
Fidelity Bounds for Device-Independent Advantage Distillation
Authors:
Thomas A. Hahn,
Ernest Y. -Z. Tan
Abstract:
It is known that advantage distillation (that is, information reconciliation using two-way communication) improves noise tolerances for quantum key distribution (QKD) setups. Two-way communication is hence also of interest in the device-independent case, where noise tolerance bounds for one-way error correction are currently too low to be experimentally feasible. Existing security proofs for the device-independent repetition-code protocol (the most prominent form of advantage distillation) rely on fidelity-related security conditions, but previous bounds on the fidelity were not tight. We improve on those results by developing an algorithm that returns arbitrarily tight lower bounds on the fidelity. Our results give new insight on how strong the fidelity-related security conditions are, and could also be used to compute some lower bounds on one-way protocol keyrates. Finally, we conjecture a necessary security condition for the protocol studied in this work, that naturally complements the existing sufficient conditions.
Submitted 8 January, 2023; v1 submitted 7 May, 2021;
originally announced May 2021.
-
Improved DIQKD protocols with finite-size analysis
Authors:
Ernest Y. -Z. Tan,
Pavel Sekatski,
Jean-Daniel Bancal,
René Schwonnek,
Renato Renner,
Nicolas Sangouard,
Charles C. -W. Lim
Abstract:
The security of finite-length keys is essential for the implementation of device-independent quantum key distribution (DIQKD). Presently, there are several finite-size DIQKD security proofs, but they are mostly focused on standard DIQKD protocols and do not directly apply to the recent improved DIQKD protocols based on noisy preprocessing, random key measurements, and modified CHSH inequalities. Here, we provide a general finite-size security proof that can simultaneously encompass these approaches, using tighter finite-size bounds than previous analyses. In doing so, we develop a method to compute tight lower bounds on the asymptotic keyrate for any such DIQKD protocol with binary inputs and outputs. With this, we show that positive asymptotic keyrates are achievable up to depolarizing noise values of $9.33\%$, exceeding all previously known noise thresholds. We also develop a modification to random-key-measurement protocols, using a pre-shared seed followed by a "seed recovery" step, which yields substantially higher net key generation rates by essentially removing the sifting factor. Some of our results may also improve the keyrates of device-independent randomness expansion.
Submitted 23 July, 2023; v1 submitted 15 December, 2020;
originally announced December 2020.
-
Composably secure device-independent encryption with certified deletion
Authors:
Srijita Kundu,
Ernest Y. -Z. Tan
Abstract:
We study the task of encryption with certified deletion (ECD) introduced by Broadbent and Islam (2020), but in a device-independent setting: we show that it is possible to achieve this task even when the honest parties do not trust their quantum devices. Moreover, we define security for the ECD task in a composable manner and show that our ECD protocol satisfies conditions that lead to composable security. Our protocol is based on device-independent quantum key distribution (DIQKD), and in particular the parallel DIQKD protocol based on the magic square non-local game, given by Jain, Miller and Shi (2020). To achieve certified deletion, we use a property of the magic square game observed by Fu and Miller (2018), namely that a two-round variant of the game can be used to certify deletion of a single random bit. In order to achieve certified deletion security for arbitrarily long messages from this property, we prove a parallel repetition theorem for two-round non-local games, which may be of independent interest.
Submitted 1 July, 2023; v1 submitted 25 November, 2020;
originally announced November 2020.
-
Device-independent quantum key distribution from generalized CHSH inequalities
Authors:
P. Sekatski,
J. -D. Bancal,
X. Valcarce,
E. Y. -Z. Tan,
R. Renner,
N. Sangouard
Abstract:
Device-independent quantum key distribution aims at providing security guarantees even when using largely uncharacterised devices. In the simplest scenario, these guarantees are derived from the CHSH score, which is a simple linear combination of four correlation functions. We here derive a security proof from a generalisation of the CHSH score, which effectively takes into account the individual values of two correlation functions. We show that this additional information, which is anyway available in practice, allows one to get higher key rates than with the CHSH score. We discuss the potential advantage of this technique for realistic photonic implementations of device-independent quantum key distribution.
Submitted 16 April, 2021; v1 submitted 3 September, 2020;
originally announced September 2020.
-
Turns in Hamilton cycles of rectangular grids
Authors:
Ethan Y. Tan,
Guowen Zhang
Abstract:
For a Hamilton cycle in a rectangular $m \times n$ grid, what is the greatest number of turns that can occur? We give the exact answer in several cases and an answer up to an additive error of $2$ in all other cases. In particular, we give a new proof of the result of Beluhov for the case of a square $n \times n$ grid. Our main method is a surprising link between the problem of 'greatest number of turns' and the problem of 'least number of turns'.
Submitted 20 July, 2020; v1 submitted 17 July, 2020;
originally announced July 2020.
-
A device-independent protocol for XOR oblivious transfer
Authors:
Srijita Kundu,
Jamie Sikora,
Ernest Y. -Z. Tan
Abstract:
Oblivious transfer is a cryptographic primitive where Alice has two bits and Bob wishes to learn some function of them. Ideally, Alice should not learn Bob's desired function choice and Bob should not learn any more than what is logically implied by the function value. While decent quantum protocols for this task are known, many become completely insecure if an adversary were to control the quantum devices used in the implementation of the protocol. In this work we give a fully device-independent quantum protocol for XOR oblivious transfer.
Submitted 17 May, 2022; v1 submitted 11 June, 2020;
originally announced June 2020.
-
Noisy pre-processing facilitating a photonic realisation of device-independent quantum key distribution
Authors:
M. Ho,
P. Sekatski,
E. Y. -Z. Tan,
R. Renner,
J. -D. Bancal,
N. Sangouard
Abstract:
Device-independent quantum key distribution provides security even when the equipment used to communicate over the quantum channel is largely uncharacterized. An experimental demonstration of device-independent quantum key distribution is however challenging. A central obstacle in photonic implementations is that the global detection efficiency, i.e., the probability that the signals sent over the quantum channel are successfully received, must be above a certain threshold. We here propose a method to significantly relax this threshold, while maintaining provable device-independent security. This is achieved with a protocol that adds artificial noise, which cannot be known or controlled by an adversary, to the initial measurement data (the raw key). Focusing on a realistic photonic setup using a source based on spontaneous parametric down conversion, we give explicit bounds on the minimal required global detection efficiency.
Submitted 26 May, 2020;
originally announced May 2020.
-
Device-Independent Quantum Key Distribution with Random Key Basis
Authors:
Rene Schwonnek,
Koon Tong Goh,
Ignatius W. Primaatmaja,
Ernest Y. -Z. Tan,
Ramona Wolf,
Valerio Scarani,
Charles C. -W. Lim
Abstract:
Device-independent quantum key distribution (DIQKD) is the art of using untrusted devices to distribute secret keys in an insecure network. It thus represents the ultimate form of cryptography, offering not only information-theoretic security against channel attacks, but also against attacks exploiting implementation loopholes. In recent years, much progress has been made towards realising the first DIQKD experiments, but current proposals are just out of reach of today's loophole-free Bell experiments. Here, we significantly narrow the gap between the theory and practice of DIQKD with a simple variant of the original protocol based on the celebrated Clauser-Horne-Shimony-Holt (CHSH) Bell inequality. By using two randomly chosen key generating bases instead of one, we show that our protocol significantly improves over the original DIQKD protocol, enabling positive keys in the high noise regime for the first time. We also compute the finite-key security of the protocol for general attacks, showing that approximately 1E8 to 1E10 measurement rounds are needed to achieve positive rates using state-of-the-art experimental parameters. Our proposed DIQKD protocol thus represents a highly promising path towards the first realisation of DIQKD in practice.
Submitted 19 May, 2021; v1 submitted 6 May, 2020;
originally announced May 2020.
-
Computing secure key rates for quantum key distribution with untrusted devices
Authors:
Ernest Y. -Z. Tan,
René Schwonnek,
Koon Tong Goh,
Ignatius William Primaatmaja,
Charles C. -W. Lim
Abstract:
Device-independent quantum key distribution (DIQKD) provides the strongest form of secure key exchange, using only the input-output statistics of the devices to achieve information-theoretic security. Although the basic security principles of DIQKD are now well-understood, it remains a technical challenge to derive reliable and robust security bounds for advanced DIQKD protocols that go beyond the previous results based on violations of the CHSH inequality. In this work, we present a framework based on semi-definite programming that gives reliable lower bounds on the asymptotic secret key rate of any QKD protocol using untrusted devices. In particular, our method can in principle be utilized to find achievable secret key rates for any DIQKD protocol, based on the full input-output probability distribution or any choice of Bell inequality. Our method also extends to other DI cryptographic tasks.
Submitted 3 November, 2021; v1 submitted 29 August, 2019;
originally announced August 2019.
-
Advantage distillation for device-independent quantum key distribution
Authors:
Ernest Y. -Z. Tan,
Charles C. -W. Lim,
Renato Renner
Abstract:
We derive a sufficient condition for advantage distillation to be secure against collective attacks in device-independent quantum key distribution (DIQKD), focusing on the repetition-code protocol. In addition, we describe a semidefinite programming method to check whether this condition holds for any probability distribution obtained in a DIQKD protocol. Applying our method to various probability distributions, we find that advantage distillation is possible up to depolarising-noise values of $q \approx 9.1\%$ or limited detector efficiencies of $η\approx 89.1\%$ in a 2-input 2-output scenario. This exceeds the noise thresholds of $q \approx 7.1\%$ and $η\approx 90.7\%$ respectively for DIQKD with one-way error correction using the CHSH inequality, thereby showing that it is possible to distill secret key beyond those thresholds.
Submitted 17 May, 2020; v1 submitted 25 March, 2019;
originally announced March 2019.
-
Measurement-dependent locality beyond i.i.d
Authors:
Ernest Y. -Z. Tan,
Yu Cai,
Valerio Scarani
Abstract:
When conducting a Bell test, it is normal to assume that the preparation of the quantum state is independent of the measurements performed on it. Remarkably, the violation of local realism by entangled quantum systems can be certified even if this assumption is partially relaxed. Here, we allow such measurement dependence to correlate multiple runs of the experiment, going beyond previous studies that considered independent and identically distributed (i.i.d.) runs. To do so, we study the polytope that defines block-i.i.d. measurement-dependent local models. We prove that non-i.i.d. models are strictly more powerful than i.i.d. ones, and comment on the relevance of this work for the study of randomness amplification in simple Bell scenarios with suitably optimised inequalities.
Submitted 30 May, 2016;
originally announced May 2016.
-
Entanglement witness via symmetric two-body correlations
Authors:
Ernest Y. -Z. Tan,
Dagomir Kaszlikowski,
L. C. Kwek
Abstract:
We construct an entanglement witness for many-qubit systems, based on symmetric two-body correlations with two measurement settings. This witness is able to detect the entanglement of some Dicke states for any number of particles, and such detection exhibits some robustness against white noise and thermal noise under the Lipkin-Meshkov-Glick Hamiltonian. In addition, it detects the entanglement of spin-squeezed states, with a detection strength that approaches the maximal value for sufficiently large numbers of particles. As spin-squeezed states can be experimentally generated, the properties of the witness with respect to these states may be amenable to experimental investigation. Finally, we show that while the witness is unable to detect GHZ states, it is instead able to detect superpositions of Dicke states with GHZ states.
Submitted 14 January, 2016; v1 submitted 8 November, 2015;
originally announced November 2015.