Finite Size Analysis of Decoy-State BB84 with Advantage Distillation

TL;DR

This paper provides the first complete finite-key security analysis of decoy-state BB84 enhanced with Advantage Distillation (AD). By leveraging entropic uncertainty relations and a refined block-wise post-selection framework, the authorsshow that the QBER tolerance and channel loss tolerance can be significantly increased, with empirical demonstrations indicating a rise from about $9.5\%$ to $17.3\%$ in feasible secure operation for large block sizes. The security proof combines a rigorous SKL bound, Leftover Hash Lemma, and composable statistical bounds, while the simulation section demonstrates practical gains under realistic channel models. The work suggests AD as a software-level enhancement to existing QKD systems that can extend secure operation in high-noise environments, including daytime satellite links and fibre-based networks, without altering quantum hardware.

Abstract

Advantage Distillation (AD) is a classical post-processing technique that enhances Quantum Key Distribution (QKD) protocols by increasing the maximum acceptable Quantum Bit Error Rate (QBER) and thus extending the distance at which QKD links can be securely established. AD operates by post-selecting blocks of bits and extracting fewer high-fidelity bits, exhibiting a reduced QBER and thus lowering the amount of information that has to be disclosed during the information reconciliation step. In this work we present the first comprehensive finite key-size analysis of decoy-state BB84 enhanced via AD post-processing. We demonstrate that through the use of AD the maximum acceptable QBER increases from around $9.5\%$ to around $17.3\%$ for realistic key sizes. This result shows that substantial performance enhancements can be achieved in scenarios which are constrained by the maximum tolerable QBER via improvements of the post-processing method alone.

Figures (6)

• Figure 1: Flow diagram of a decoy-state BB84 protocol with AD. Trapezoids correspond to steps where intermediate quantities are computed. Rounded boxes correspond to decision points, where the protocol may or may not abort (note that success of IR implies success of EV). Dashed arrows denote events that are not directly observable. The event that the QKD protocol does not abort is $\Omega_\checkmark = \Omega_\textup{AT} \land \Omega_\textup{EV}$ and the event that a secure (i.e., correct and secret) key is generated is $\Omega_\textup{secure} = \Omega_\checkmark \land \Omega_\textup{IR} \land \Omega_\textup{PE}$.
• Figure 2: Two equivalent entanglement-based descriptions of the QKD protocol. $A,B,E$ denote Alice's, Bob's and Eve's quantum registers, single lines represent qubits, double lines represent classical information. On the left, the state $\rho_{ABE}$ is the shared quantum state at the end of the quantum communication round, which may be arbitrary due to Eve's tampering. Some of the qubits are measured in the $\mathsf{Z}$ basis by Alice and Bob in blocks of $b$ bits (here $b=3$ is represented), classical communication $C$ is exchanged to compare the results and the AD post-selection is applied by discarding the bits when the parity measurements do not match. On the right, the equivalent procedure where AD is performed directly on the qubits in order to post-select the output depending on the measurement outcome. The region encompassed by the dotted line represents the post-selected state $\bar{\rho}_{ABE}$. By construction $\bar{\rho}_{ABE}$ has a lower $\mathsf{Z}$-QBER than $\rho_{ABE}$.
• Figure 3: The AD parity measurements and the $\mathsf{X}$ and $\mathsf{Z}$ measurements on the distilled bit can be implemented via quantum gates operating on the qubits employing the circuit identities illustrated here.
• Figure 4: A commutative diagram of transformations mapping the state after the quantum communication phase ($\rho_{ABE}$) to the state where Alice has measured her registers and extracted the distilled bits ($\rho_{\bar{Z}_ACE}$). The parity checks $\sum_{\mathbf{c}}\left|{\mathbf{c}}\right\rangle\!\left\langle{\mathbf{c}}\right|\otimes \Pi^\mathbf{c}$, the key-extraction measurements $\left|{\mathbf{z}}\right\rangle\!\left\langle{\mathbf{z}}\right|\otimes M^\mathbf{z}$ and the AD projection $\Pi^{AD}$ are all commuting $\mathsf{Z}$-basis operations, hence the upper part (black) and the lower path (orange) are equal transformations. The alternative measurement $\sum_\mathbf{x} \left|{\mathbf{x}}\right\rangle\!\left\langle{\mathbf{x}}\right|\otimes N^\mathbf{x}$ (blue) is used in the entropic uncertainty relation.
• Figure 5: Plots of the secure key rate $\ell/N$ (i.e., SKL over sent pulses) as a function of the QBER. We consider a channel with unit transmission, $\eta=1$, no noise counts, $p_\textup{noise}=0$, and the QBER stemming solely from varying the basis misalignment angle $\delta_\textup{mis}$. The number of sent pulses varies from $N=10^8$ to $N=10^{14}$ in the four plots.

Theorems & Definitions (24)

• Definition 1: Security of a QKD protocol
• Definition 2: Correctness and secrecy of a QKD protocol
• Lemma 3
• proof
• Lemma 4: Leftover Hashing
• Corollary 5: Secure Key Length from Hashing
• Lemma 6
• proof
• Theorem 7: Entropic Uncertainty Relation
• Lemma 8