Security loophole in error verification in quantum key distribution

Toyohiro Tsurumaru, Akihiro Mizutani, Toshihiko Sasaki

TL;DR

The paper demonstrates that error verification in QKD invalidates naive secrecy bounds unless the secrecy definition incorporates the publicly announced verification outcome $V$. It presents a concrete counterexample in which ignoring $V$ leads to an incorrect security claim, and resolves the issue by translating Koashi's phase-error-correction approach into Renner's leftover hashing framework, where secrecy remains intact despite public disclosure of $V$. A simple, general method is provided to repair Koashi-based proofs without shortening the final key length, using an equivalence with Renner's approach and min-/max-entropy techniques. The work has practical impact for standardizing QKD security proofs, ensuring error verification is rigorously accounted for and enabling robust, verifiable security guarantees in real-world deployments.

Abstract

The security of quantum key distribution (QKD) is evaluated based on the secrecy of Alice's key and the correctness of the keys held by Alice and Bob. A practical method for ensuring correctness is known as error verification, in which Alice and Bob reveal a portion of their reconciled keys and check whether the revealed information matches. In this paper, we point out that when error verification is performed in a QKD protocol, the definition of secrecy must be revised accordingly. We illustrate the necessity of this revision with a counterexample, showing that neglecting it can lead to an incorrect security claim. In particular, we observe that in the case of the security proof method based on phase error correction, which is one of the mainstream approaches and also known as Koashi's approach, no explicit method has been established to properly incorporate the revised secrecy definition. To resolve this issue, we present a way to translate the phase error correction-based approach into another mainstream approach, called the leftover hashing lemma-based approach, also known as Renner's approach, where a solution has already been formulated. As a consequence, security proofs under the phase error correction-based approach automatically remain valid without any change in the secret key length, even if they implicitly consider error verification without revising the secrecy definition.
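Why the announced outcome $V$ has to appear in the secrecy definition can be seen in a purely classical toy model. The following is an added example, not the paper's counterexample or code: the model (`toy_joint`) and the helper `secrecy_distance` are constructed here, and secrecy is assumed to be measured as the statistical distance between the real (key, Eve's view) distribution and a uniform key independent of that view.

```python
from collections import defaultdict
from fractions import Fraction
from itertools import product


def toy_joint(n=1):
    """Constructed toy model (not from the paper).

    K: Alice's uniform n-bit key. E: an independent uniform guess held by Eve.
    Eve's tampering is assumed to leave Bob's key equal to K only when E == K,
    so the public verification outcome is V = 1 exactly when K == E.
    Returns the joint distribution {(k, e, v): probability}.
    """
    p = Fraction(1, 4 ** n)
    return {(k, e, int(k == e)): p for k, e in product(range(2 ** n), repeat=2)}


def secrecy_distance(joint, n, include_v):
    """Statistical distance between (K, view) and (uniform key) x (view).

    Eve's view is E alone when include_v is False, and (E, V) when True.
    """
    real = defaultdict(Fraction)           # P(k, view)
    view_marginal = defaultdict(Fraction)  # P(view)
    for (k, e, v), p in joint.items():
        view = (e, v) if include_v else (e,)
        real[(k, view)] += p
        view_marginal[view] += p
    total = Fraction(0)
    for view, p_view in view_marginal.items():
        ideal = p_view / 2 ** n            # uniform key, independent of the view
        for k in range(2 ** n):
            total += abs(real.get((k, view), Fraction(0)) - ideal)
    return total / 2


if __name__ == "__main__":
    joint = toy_joint(1)
    # The naive definition (V ignored) reports a perfectly secret key ...
    print("distance ignoring V :", secrecy_distance(joint, 1, include_v=False))
    # ... but once V is public, K = E whenever V = 1, so the key is fully known.
    print("distance including V:", secrecy_distance(joint, 1, include_v=True))
```

In this model the key is independent of Eve's guess on its own, so a bound computed without $V$ says nothing about the key she can reconstruct after the verification result is announced.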

Paper Structure

This paper contains 20 sections, 30 equations.
