Authentication in Security Proofs for Quantum Key Distribution
Devashish Tupkary, Shlok Nahar, Ernest Y. -Z. Tan
TL;DR
The paper addresses a fundamental gap in QKD security proofs arising from practical authenticated channels that may abort asymmetrically and tamper with timing. It introduces a general reduction that lifts any QKD security proof validated under honest authentication to the realistic setting by appending an Authentication Post-Processing (APP) step, and it also analyzes a Delayed Authentication variant (del-APP) to reduce authentication-key consumption. The core idea is to show that the real-world protocol’s security can be bounded by the security of the core QKD protocol in the honest-authentication model, via a sequence of reductions, commutations with an ideal map, and a virtual authentication framework. This formalization is broad enough to apply to device-dependent, MDI, and device-independent QKD, and it enables retroactive lifting of prior proofs (e.g., decoy-state BB84) to practical authentication scenarios, with potential composable-security integration in future work. Overall, the work provides a general, protocol-agnostic pathway to reconcile QKD security with realistic authentication assumptions and offers practical variants to optimize authentication resource usage.
Abstract
Quantum Key Distribution (QKD) protocols rely on authenticated classical communication. Typical QKD security proofs are carried out in an idealized setting where authentication is assumed to behave honestly: it never aborts, and all classical messages are delivered faithfully with their original timing preserved. Authenticated channels that can be constructed in practice have different properties. Most critically, such channels may abort asymmetrically, such that only the receiving party may detect an authentication failure while the sending party remains unaware. Furthermore, an adversary may delay, reorder, or block classical messages. This discrepancy renders the standard QKD security definition and existing QKD security proofs invalid in the practical authentication setting. In this work we resolve this issue. Our main result is a reduction theorem showing that, under mild and easily satisfied protocol conditions, any QKD protocol proven secure under the honest authentication setting remains secure under a practical authentication setting. This result allows all existing QKD proofs to be retroactively lifted to the practical authentication setting with a minor protocol tweak.
