5 talks · 6 posters · 0 committee roles · 0 leadership roles · years active 2023–2025
Contributions
Talks
| Title | Conference | Type | Co-authors |
|---|---|---|---|
| Security proofs for decoy-state BB84 and their performance | QCRYPT 2025 | tutorial ▸ presenter | — |
Protocol security of quantum key distribution (QKD) protocols refers to the derivation of a rigorous mathematical statement asserting the security of the protocol, starting from a precise mathematical model of the protocol. In this tutorial, we will introduce key concepts required to construct such proofs. We will highlight common gaps in the existing literature and discuss how they can be addressed. We will provide a brief overview of the different security proof techniques available, outlining how they work and comparing their strengths and limitations. |
|||
| Phase error rate estimation in QKD with imperfect detectors | TQC 2025 | regular | Shlok Nahar, Pulkit Sinha, Norbert Lütkenhaus |
| Security Proof for Variable-Length Quantum Key Distribution | QCRYPT 2024 | regular | Ernest Y.-Z. Tan, Norbert Lütkenhaus |
We present a security proof for variable-length QKD against IID collective attacks. Our proof can be lifted to coherent attacks using the postselection technique. Our first main result is a theorem to convert a sequence of security proofs for fixed-length protocols satisfying certain conditions to a security proof for a variable-length protocol. This conversion requires no new calculations, does not require any changes to the final key lengths or the amount of error-correction information, and at most doubles the security parameter. Our second main result is the description and security proof of a more general class of variable-length QKD protocols, which does not require characterizing the honest behaviour of the channel connecting the users before the execution of the QKD protocol. Instead, these protocols adaptively determine the length of the final key, and the amount of information to be used for error-correction, based upon the observations made during the protocol. We apply these results to the qubit BB84 protocol, and show that variable-length implementations lead to higher expected key rates than the fixed-length implementations. Finally, we point out a critical flaw in the analysis of privacy amplification that arises due to sifting. We provide an elegant solution that retroactively fixes this flaw. |
|||
| Finite-size decoy-state security proof against coherent attacks | QCRYPT 2024 | regular | Shlok Nahar, Lars Kamin, Yuming Zhao, Ernest Y.-Z. Tan, Norbert Lütkenhaus |
Proving the security of quantum key distribution (QKD) protocols against arbitrary attacks is a challenging task for arbitrary protocols. Here, we accomplish this task by extending and improving both the decoy-state analysis against collective attacks, and the postselection technique to uplift this security proof to arbitrary attacks. First, we improve the postselection technique - both by improving the cost paid for the uplift, and by rigorously showing how it can be applied to generic optical protocols. Second, we fundamentally improve the decoy-state analysis in such a way that we require only one decoy intensity to achieve the same performance as prior analysis with two decoy intensities. This has two consequences - it makes the protocol easier to practically implement, and reduces the penalty incurred by using the postselection technique. Third, we extend the finite-size QKD analysis to decoy-state protocols and generically improve the finite-size correction terms that appear. Thus, we provide a full security proof against arbitrary attacks for generic decoy-state protocols. |
|||
| Variable-length QKD security proof for imperfect detectors through phase-error estimation | QCRYPT 2024 | regular | Shlok Nahar, Pulkit Sinha, Norbert Lütkenhaus |
Security proofs for quantum key distribution (QKD) based on the entropic uncertainty relations and the phase-error approach have the advantage of producing some of the tightest key rates against coherent attacks. We prove the security of QKD using the entropic uncertainty relations, for scenarios where Eve is allowed full control of the detection efficiency and dark rates of all detectors within some specified ranges. Thus, our work solves the practically important problem of detector side channels. Our work also removes the requirement of "basis-independent loss" required by these proof techniques. Thus, we render these proof techniques applicable to practical QKD scenarios. Furthermore, we prove security for variable-length QKD protocols, which do not require Alice and Bob to characterize the honest behaviour of the channel. |
|||
Posters
| Title | Conference | Co-authors |
|---|---|---|
| Security of quantum key distribution with source and detector imperfections | QCRYPT 2025 | Guillermo Currás-Lorenzo, Margarida Pereira, Shlok Nahar |
Quantum key distribution (QKD) promises information-theoretic security based on quantum mechanics, but practical implementations face security vulnerabilities due to device imperfections. While recent advances have separately addressed source and detector imperfections, real-world QKD systems suffer from both simultaneously. Here, we demonstrate that existing phase-error-estimation-based security proof techniques can be integrated into a unified security proof that simultaneously accounts for both types of imperfections. This represents an important step toward closing the gap between theoretical security proofs and practical QKD implementations. |
||
| A consolidated and accessible security proof for finite-size decoy-state quantum key distribution | QCRYPT 2025 | Jerome Wiesemann, Jan Krause, Norbert Lütkenhaus, Davide Rusca, Nino Walenta |
In recent years, quantum key distribution (QKD) has transitioned from a purely academic field to a commercially available cryptographic solution, supported by mathematically formulated security proofs. However, due to the fragmented nature of the literature, obtaining a comprehensive understanding of these proofs and their limitations remains a considerable challenge. Our work addresses this by providing a rigorous finite-size security proof for the 1-decoy and 2-decoy BB84 protocols against coherent attacks, based on Renner's entropic uncertainty relation (EUR) framework. We resolve key technical issues in previous analyses, including the treatment of fixed-length protocols and acceptance testing. Special attention is given to the 1-decoy protocol, where statistics are computed after error correction, leading to important subtleties when applying the entropic uncertainty relation. By unifying and refining results from the literature, our work contributes to a more robust and accessible understanding of QKD security. |
||
| QKD security proofs for decoy-state BB84: protocol variations, proof techniques, gaps and limitations | QCRYPT 2025 | Ernest Y.-Z. Tan, Shlok Nahar, Lars Kamin, Norbert Lütkenhaus |
We discuss the status of security proofs for practical decoy-state Quantum Key Distribution using the BB84 protocol, pertaining to optical implementations using weak coherent pulses and threshold photo-detectors. Our focus is on the gaps in the existing literature. Gaps might result, for example, from a mismatch of protocol detail choices and proof technique elements, from proofs relying on earlier results that made different assumptions, or from protocol choices that do not consider real-world requirements. While substantial progress has been made, our overview draws attention to the details that still require our attention. |
||
| Phase-error estimation in QKD with passive detection setups | QCRYPT 2025 | Zhiyao Wang, Shlok Ashok Nahar, Norbert Lütkenhaus |
We provide a security proof for quantum key distribution (QKD) protocols using passive detection setups within the entropic uncertainty relation (EUR) framework. Passive detection avoids the need for active basis choice but introduces challenges due to beam splitters and imperfections in detectors. We show how to define and bound the phase-error rate in passive detection setups, even when detector imperfections are not precisely known but lie within known ranges. Our analysis applies in the finite-size regime against general coherent attacks. |
||
| Using Cascade in Quantum Key Distribution | QCRYPT 2023 | Norbert Lütkenhaus |
We point out a critical flaw in the analysis of Quantum Key Distribution (QKD) protocols that employ the two-way error correction protocol Cascade. Specifically, this flaw stems from an incomplete consideration of all two-way communication that occurs during the Cascade protocol. We present a straightforward and elegant alternative approach that addresses this flaw and produces valid key rates. We exemplify our new approach by comparing its key rates with those generated using older, incorrect approaches, for Qubit BB84 and Decoy-State BB84 protocols. We show that in many practically relevant situations, our rectified approach produces the same key rate as older, incorrect approaches. However, in other scenarios, our approach produces valid key rates that are lower, highlighting the importance of properly accounting for all two-way communication during Cascade. |
||
| Postselection technique for optical prepare-and-measure QKD protocols | QCRYPT 2023 | Shlok Nahar, Yuming Zhao, Norbert Lütkenhaus, Ernest Tan |
The postselection technique is a widely used tool to lift the security of Quantum Key Distribution (QKD) protocols against IID collective attacks to coherent attacks. While various other approaches for proving security against coherent attacks exist, they have limitations that make them less suitable for typical optical prepare-and-measure protocols.
We identify and address some limitations of the postselection technique as applied to optical prepare-and-measure QKD protocols. We extend this analysis to decoy-state protocols, which are essential for long-distance QKD. Finally, we also improve the practical applicability of the postselection technique.
Thus, we argue that the postselection technique, with the relevant modifications, is the only lift to coherent attacks that can be broadly applied to optical implementations of generic prepare-and-measure QKD protocols. |
||
Collaborators
| Co-author | Joint talks |
|---|---|
| Norbert Lütkenhaus | 8 |
| Shlok Nahar | 6 |
| Ernest Y.-Z. Tan | 3 |
| Lars Kamin | 2 |
| Pulkit Sinha | 2 |
| Yuming Zhao | 2 |
| Davide Rusca | 1 |
| Ernest Tan | 1 |
| Guillermo Currás-Lorenzo | 1 |
| Jan Krause | 1 |
| Jerome Wiesemann | 1 |
| Margarida Pereira | 1 |
| Nino Walenta | 1 |
| Norbert Lütkenhaus | 1 |
| Shlok Ashok Nahar | 1 |
| Zhiyao Wang | 1 |