Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Generalized Rényi entropy accumulation theorem and generalized quantum probability estimation

Amir Arqand, Thomas A. Hahn, Ernest Y. -Z. Tan

TL;DR

This work delivers a fully Rényi-compatible bound for entropy accumulation that eliminates the need for affine min-tradeoff functions, dramatically improving finite-size performance in both device-independent and device-dependent cryptographic settings. By introducing quantum estimation score-systems (QES) and establishing QES chaining within the GEAT framework, it reduces the key-rate analysis to convex optimizations over single-round data, enabling straightforward computations of per-round entropy contributions. The approach yields both variable-length and fixed-length protocol bounds and shows strong alignment with, and generalization of, prior QEF-based methods while extending applicability to prepare-and-measure scenarios. Concrete applications include BB84-like QKD and DIRE, with numerical illustrations indicating substantial improvements over prior EAT/GEAT bounds and the potential for fully Rényi security proofs.

Abstract

The entropy accumulation theorem, and its subsequent generalized version, is a powerful tool in the security analysis of many device-dependent and device-independent cryptography protocols. However, it has the drawback that the finite-size bounds it yields are not necessarily optimal, and furthermore it relies on the construction of an affine min-tradeoff function, which can often be challenging to construct optimally in practice. In this work, we address both of these challenges simultaneously by deriving a new entropy accumulation bound. Our bound yields significantly better finite-size performance, and can be computed as an intuitively interpretable convex optimization, without any specification of affine min-tradeoff functions. Furthermore, it can be applied directly at the level of Rényi entropies if desired, yielding fully-Rényi security proofs. Our proof techniques are based on elaborating on a connection between entropy accumulation and the frameworks of quantum probability estimation or $f$-weighted Rényi entropies, and in the process we obtain some new results with respect to those frameworks as well. In particular, those findings imply that our bounds apply to prepare-and-measure protocols without the virtual tomography procedures or repetition-rate restrictions previously required for entropy accumulation.

Generalized Rényi entropy accumulation theorem and generalized quantum probability estimation

TL;DR

This work delivers a fully Rényi-compatible bound for entropy accumulation that eliminates the need for affine min-tradeoff functions, dramatically improving finite-size performance in both device-independent and device-dependent cryptographic settings. By introducing quantum estimation score-systems (QES) and establishing QES chaining within the GEAT framework, it reduces the key-rate analysis to convex optimizations over single-round data, enabling straightforward computations of per-round entropy contributions. The approach yields both variable-length and fixed-length protocol bounds and shows strong alignment with, and generalization of, prior QEF-based methods while extending applicability to prepare-and-measure scenarios. Concrete applications include BB84-like QKD and DIRE, with numerical illustrations indicating substantial improvements over prior EAT/GEAT bounds and the potential for fully Rényi security proofs.

Abstract

The entropy accumulation theorem, and its subsequent generalized version, is a powerful tool in the security analysis of many device-dependent and device-independent cryptography protocols. However, it has the drawback that the finite-size bounds it yields are not necessarily optimal, and furthermore it relies on the construction of an affine min-tradeoff function, which can often be challenging to construct optimally in practice. In this work, we address both of these challenges simultaneously by deriving a new entropy accumulation bound. Our bound yields significantly better finite-size performance, and can be computed as an intuitively interpretable convex optimization, without any specification of affine min-tradeoff functions. Furthermore, it can be applied directly at the level of Rényi entropies if desired, yielding fully-Rényi security proofs. Our proof techniques are based on elaborating on a connection between entropy accumulation and the frameworks of quantum probability estimation or -weighted Rényi entropies, and in the process we obtain some new results with respect to those frameworks as well. In particular, those findings imply that our bounds apply to prepare-and-measure protocols without the virtual tomography procedures or repetition-rate restrictions previously required for entropy accumulation.
Paper Structure (37 sections, 26 theorems, 221 equations, 2 figures, 1 table, 1 algorithm)

This paper contains 37 sections, 26 theorems, 221 equations, 2 figures, 1 table, 1 algorithm.

Table of Contents

  1. Introduction
  2. Summary of key results for applications
  3. MDI and decoy-state protocols:
  4. DI protocols:
  5. Paper structure
  6. Preliminaries
  7. GEAT channels
  8. Deriving QEF-type bounds from the GEAT
  9. Quantum estimation score-systems (QES)
  10. QES chaining or accumulation
  11. Applications
  12. The [HB24] approach (variable-length protocols)
  13. The [ZFK20] approach (fixed-length protocols)
  14. Simplified versions
  15. Main results
  16. ...and 22 more sections

Key Result

Corollary 1.1

Let $\rho_{S_1^n \widehat{C}_1^n T_1^n \widehat{E}}$ be a state of the form in Eq. eq:PMstate, for an initial state $\omega^0_{\widetilde{A}_1^n \widetilde{B}_1^n \widehat{E}}$ satisfying $\omega^0_{\widetilde{A}_1^n} = \sigma_{\widetilde{A}}^{\otimes n}$ for some state $\sigma_{\widetilde{A}}$, and where $\boldsymbol{\nu}_{\widehat{C}}$ denotes the probability distribution on the classical regist

Figures (2)

  • Figure 1: Keyrates for EB-BB84 from our approach, for an example with QBER threshold $Q_\mathrm{thresh} = 0.025$, error-correction efficiency $\xi_\mathrm{EC}=1.1$, and security parameter $\varepsilon^\mathrm{secure} = 10^{-10}$. The brown, blue, and purple curves correspond to the keyrates given by the formulas \ref{['eq:lkeyBB84vN']}, \ref{['eq:lkeyBB84EUR']} and \ref{['eq:lkeyBB84fullRenyi']}, respectively, where we used heuristic numerical methods to evaluate the (fairly simple) minimizations in those formulas. For comparison, the dashed red curve is the corresponding result from TL17 (based on smooth-entropy EURs), and the black horizontal line is the asymptotic rate. It can be seen that our results are always an improvement over that work, except for the case of the suboptimal formula \ref{['eq:lkeyBB84vN']} at small $n$. We highlight that the formula \ref{['eq:lkeyBB84EUR']} already performs better everywhere despite also proceeding via a smooth min-entropy bound (instead of Rényi privacy amplification), i.e. this indicates we genuinely obtained a better bound on smooth min-entropy as compared to TL17. The choices of $S_\Omega$, $\lambda_\mathrm{EC}$ and epsilon parameters we used in our formulas are described in the main text. We roughly optimized the choices of $\gamma$ and $\alpha$ by parametrizing them as $\gamma = 10^{-x}$ and $\alpha=1+10^{-y}$, then taking the best result computed in a grid of values over $x\in[0,2.5]$ and $y\in[\log_{10}\sqrt{n} - 2, \log_{10}\sqrt{n} + 2]$ (the latter being motivated by the scaling analysis at the end of Sec. \ref{['subsubsec:infreqsamp']}); we leave a more refined approach for future applications.
  • Figure 2: Similar to Fig. \ref{['fig:oldSerfling']}, except that the parameter choices are $Q_\mathrm{thresh} = 0.0451$, $\xi_\mathrm{EC}=1.19$, $\varepsilon^\mathrm{secure} = 10^{-10}$, and the dashed red curve shows the corresponding data points from LXP+21 instead (which improved the finite-size analysis in TL17). Here there is no curve shown for our loosest bound \ref{['eq:lkeyBB84vN']}, as we could not obtain positive keyrates from it for the $n$ values in this range, consistent with the observation in Fig. \ref{['fig:oldSerfling']} that it performs less well at very small $n$. These results suggest that our best bound on the smooth min-entropy itself (i.e. that used in \ref{['eq:lkeyBB84EUR']}) is still better than LXP+21 at most $n$ values, though the advantage is not that large. However, in the end we can achieve much higher actual keyrates by instead using the fully Rényi formula \ref{['eq:lkeyBB84fullRenyi']}.

Theorems & Definitions (77)

  • Corollary 1.1
  • Definition 2.1
  • Definition 2.2
  • Definition 2.3
  • Definition 2.4
  • Definition 2.5
  • Definition 2.6
  • Definition 2.7
  • Definition 3.1
  • Definition 3.2
  • ...and 67 more