Jerome Wiesemann

In recent years, quantum key distribution (QKD) has transitioned from a purely academic field to a commercially available cryptographic solution, supported by mathematically formulated security proofs. However, due to the fragmented nature of the literature, obtaining a comprehensive understanding of these proofs and their limitations remains a considerable challenge. Our work addresses this by providing a rigorous finite-size security proof for the 1-decoy and 2-decoy BB84 protocols against coherent attacks, based on Renner's entropic uncertainty relation (EUR) framework. We resolve key technical issues in previous analyses, including the treatment of fixed-length protocols and acceptance testing. Special attention is given to the 1-decoy protocol, where statistics are computed after error correction, leading to important subtleties when applying the entropic uncertainty relation. By unifying and refining results from the literature, our work contributes to a more robust and accessible understanding of QKD security.

Quantum key distribution (QKD) is at the verge of becoming a commercially viable security solution, backed by mathematically formulated security proofs. In the last two decades, much effort has been devoted to closing the gap between the models and practical implementations in order to account for device imperfections and counter the resulting side-channel attacks. As a result, the topic of evaluating and certifying QKD systems against these attacks is increasingly coming to the forefront. This last step however presents its own challenges, currently hindering the widespread adoption of QKD. In this work, we lay at the intersection between theory and practice, focusing on the process of preparing an in-house QKD system for evaluation. We first present a consolidated and accessible security proof for the one-decoy and two-decoy state BB84 protocols, which serves as a baseline for our QKD system. Building on this security proof, we identify the critical side-channels by evaluating the risk of most of today's known attacks. We then tackle the most critical attacks by discussing existing countermeasures that can be implemented both in the QKD system and within the security proof, where applicable. In this process, we develop new methods to characterize and evaluate QKD systems, which can later be used in evaluation laboratories. Evaluating the security of QKD systems additionally involves performing attacks to potentially identify new loopholes. Thus, we also aim to perform the first real-time Trojan horse attack on a decoy state BB84 system, further highlighting the need for robust countermeasures. By providing a critical evaluation of our QKD system and incorporating robust countermeasures against side-channel attacks, our research contributes to advancing the practical implementation and evaluation of QKD as a trusted security solution.