Genuine multipartite entanglement is not necessary for standard device-independent conference key agreement

TL;DR

This work resolves whether genuine multipartite entanglement is necessary for secure device-independent conference key agreement by constructing an asymptotically secure DICKA protocol that uses only biseparable states. In a star network with a single device per party, a single joint Bell violation certifies security, and the protocol achieves a conference key rate equal to the concatenation of $N-1$ bipartite DIQKD protocols. The security proof leverages a sum-of-squares decomposition and self-testing properties of extremal CHSH correlations, showing that the conditional entropy bound $H(A|X=0,T=t,E)=1$ holds under maximal violation, yielding an ideal rate of $r^ ext{∞}_ ext{CKA}=1/2$ when test and generation rounds are balanced. The results imply that multipartite entanglement is not strictly advantageous for DICKA in this scenario and motivate further exploration of device requirements, network architectures, and near-term implementations.

Abstract

Conference key agreement aims to establish shared, private randomness among many separated parties in a network. Device-independent conference key agreement (DICKA) is a variant in which the source and the measurement devices used by each party need not be trusted. So far, DICKA protocols largely fall into two categories: those that rely on violating a joint Bell inequality using genuinely multi-partite entangled states, and those that concatenate many bipartite protocols. The question of whether a hybrid protocol exists, where a multi-partite Bell inequality can be violated using only bipartite entanglement, was asked by Grasselli et al. in [Quantum 7, 980, (2023)]. We answer this question affirmatively, by constructing an asymptotically secure DICKA protocol achieving the same rate as the concatenation of bipartite device-independent quantum key distribution, yet relying on a single joint Bell violation. Our results prompt further discussion on the benefits of multi-partite entanglement for DICKA over its bipartite alternative, and we give an overview of different arguments for near-term devices.

Figures (2)

• Figure 1: Graphical representation of our DICKA protocol. Each round, every party receives part of a quantum state from an untrusted source, randomly samples an input $X/Y/Z$ and performs an untrusted measurement. They obtain two outcomes, and the joint statistics are used to estimate the value of a multi-partite Bell inequality. In the honest implementation, the outcome $T_{A/B/C}$ corresponds to a classical flag indicating who shares entanglement with Alice on that round, whilst the outcome $A/B/C$ results from performing a CHSH-type measurement on a quantum system.
• Figure 2: Robustness of our construction to noise. We consider the local randomness of Alice's outcome $A$ when $T=0$, and set observed distribution of the flag to $p_{T}(0)= 1/2$. One score corresponds to the constraint $\langle I \rangle \geq s$, while two scores corresponds to the constraints $\langle I_{\text{CHSH}}^{AB,T=0} \rangle \geq p_{T}(0)s$ and $\langle I_{\text{CHSH}}^{AC,T=1} \rangle \geq p_{T}(1)s$. We also include all constraints in \ref{['eq:projConstr1']}. $H_{\text{min}}$ corresponds to lower bounds on the min-entropy obtained via the NPA hierarchy NPA1NPA2, and $H_{\text{vN}}$ corresponds to lower bounds on the von Neumann entropy obtained using the technique of Ref. Brown2024deviceindependent. The data used in this figure is available at dataset.

Theorems & Definitions (10)

• Proposition 1: informal
• Lemma 1
• proof
• proof
• Lemma 2
• proof
• Definition 1: Franz_2011
• Lemma 3: Franz_2011
• Lemma 4
• proof