Table of Contents
Fetching ...

A rigorous and complete security proof of decoy-state BB84 quantum key distribution

Devashish Tupkary, Shlok Nahar, Amir Arqand, Ernest Y. -Z. Tan, Norbert Lütkenhaus

TL;DR

This work delivers a rigorous, complete security proof for a fully specified decoy-state BB84 QKD protocol by embedding it in a general modular framework based on the Marginal-Constrained Entropy Accumulation Theorem (MEAT). It unifies key ingredients—authentication, source-replacement, squashing maps, finite-size analysis, and decoy-state techniques—into a single formalism adaptable to various QKD protocols and practical imperfections. The authors provide a concrete recipe to derive security proofs for broad QKD classes, show reductions to honest authentication, and extend the framework to optical (infinite-dimensional) settings via tagging and squashing. Numerically, the security bounds reduce to finite-dimensional convex optimization problems, enabling reliable key-rate computation that matches prior results while offering extensibility to time-varying channels and adaptive post-processing. Overall, the framework constitutes a robust, implementation-oriented foundation for certification, standardization, and practical deployment of QKD systems.

Abstract

We present a rigorous and complete security proof of the decoy-state BB84 quantum key distribution (QKD) protocol. Our analysis aims to achieve a high standard of mathematical rigour and completeness, thereby providing the necessary foundation for certification and standardization efforts. Beyond establishing the security of a specific protocol, this work develops a general and modular framework that can be readily adapted to a broad class of QKD protocols, including both prepare-and-measure and entanglement-based variants. Our framework unifies all major ingredients required for the analysis of realistic QKD protocols, including the analysis of classical authentication and classical processing, source-replacement schemes, finite-size analysis, source maps, squashing maps, and decoy-state techniques. In doing so, this work consolidates a diverse range of techniques scattered across the QKD literature into a unified formalism, representing a general and rigorous treatment of QKD security. Finally, it outlines a clear path towards incorporating practical imperfections within the same framework, thereby laying the groundwork for addressing implementation security in future analysis.

A rigorous and complete security proof of decoy-state BB84 quantum key distribution

TL;DR

This work delivers a rigorous, complete security proof for a fully specified decoy-state BB84 QKD protocol by embedding it in a general modular framework based on the Marginal-Constrained Entropy Accumulation Theorem (MEAT). It unifies key ingredients—authentication, source-replacement, squashing maps, finite-size analysis, and decoy-state techniques—into a single formalism adaptable to various QKD protocols and practical imperfections. The authors provide a concrete recipe to derive security proofs for broad QKD classes, show reductions to honest authentication, and extend the framework to optical (infinite-dimensional) settings via tagging and squashing. Numerically, the security bounds reduce to finite-dimensional convex optimization problems, enabling reliable key-rate computation that matches prior results while offering extensibility to time-varying channels and adaptive post-processing. Overall, the framework constitutes a robust, implementation-oriented foundation for certification, standardization, and practical deployment of QKD systems.

Abstract

We present a rigorous and complete security proof of the decoy-state BB84 quantum key distribution (QKD) protocol. Our analysis aims to achieve a high standard of mathematical rigour and completeness, thereby providing the necessary foundation for certification and standardization efforts. Beyond establishing the security of a specific protocol, this work develops a general and modular framework that can be readily adapted to a broad class of QKD protocols, including both prepare-and-measure and entanglement-based variants. Our framework unifies all major ingredients required for the analysis of realistic QKD protocols, including the analysis of classical authentication and classical processing, source-replacement schemes, finite-size analysis, source maps, squashing maps, and decoy-state techniques. In doing so, this work consolidates a diverse range of techniques scattered across the QKD literature into a unified formalism, representing a general and rigorous treatment of QKD security. Finally, it outlines a clear path towards incorporating practical imperfections within the same framework, thereby laying the groundwork for addressing implementation security in future analysis.
Paper Structure (52 sections, 29 theorems, 162 equations, 5 figures, 12 tables)

This paper contains 52 sections, 29 theorems, 162 equations, 5 figures, 12 tables.

Key Result

Theorem 5.1

Let $\mathcal{P}_\mathrm{QKD}$ denote the full protocol described in prot:abstractqkdprotocol, and let $\widetilde{\mathcal{P}}_\mathrm{QKD}$ denote the same protocol excluding its final step that performs authentication post-processing operations. We refer to this final step as $\mathcal{P}_\mathrm meaning that $\mathcal{P}_\mathrm{QKD}$ is obtained by running $\mathcal{P}_\mathrm{APP}$ on the ou

Figures (5)

  • Figure 1: Passive polarisation-encoded BB84 detection setup.
  • Figure 2: Schematic of public announcements stored in register $\widehat{C}_j$. Blue refers to Bob's announcements, and orange refers to Alice's announcements. See \ref{['eq:fannounce']} for a formal description.
  • Figure 3: Authenticated classical communication model in QKD. Messages pass through Eve, who may delay, drop, or substitute them with $\texttt{auth-abort}\xspace$, subject to the constraints described in \ref{['sec:reductionstatement']}. Time flows from top to bottom in the figure, which illustrates an example scenario: in earlier parts of the protocol (not shown in the figure), 4 messages have been sent from Alice to Bob, and 13 messages from Bob to Alice. Eve does not interfere with Alice’s 5th message to Bob. However, she chooses to delay Bob’s 14th message. (Presumably, Alice does not send a new message during this period because she is waiting to receive one.) During the delay, Eve receives Bob’s 15th message and also delivers the 6th message to Bob. According to our communication model, this implies that $C^{(6)}_{E \rightarrow B}$ must be $\texttt{auth-abort}\xspace$. Figure and caption from Ref. inprep_authentication.
  • Figure 4: The evolution of the state through Eve's attack channels $\{ \mathcal{A}_{j} \}$, and Alice and Bob's operations $\{\mathcal{G}_{j}\}$ for the \ref{['prot:virtualprotocoll']}. The evolution of states is also described in \ref{['lemma:stateevolution']}. Note that the announcements $\widehat{C}_j$ are made available to Eve through an explicit copy $\widetilde{C}_j$, which gets merged with $E'_j$ to form $E_j$.
  • Figure 5: (Same as \ref{['fig:MEAT_Attack']}). The evolution of the state through Eve's attack channels $\{ \mathcal{A}_{j} \}$, and Alice and Bob's operations $\{\mathcal{G}_{j}\}$ for the \ref{['prot:virtualprotocoll']}. The evolution of states is also described in \ref{['lemma:stateevolution']}. Note that the announcements $\widehat{C}_j$ are made available to Eve through an explicit copy $\widetilde{C}_j$, which gets merged with $E'_j$ to form $E_j$. The MEAT (\ref{['theorem:MEAT']}) is applied for the sequence of channels $\{\mathcal{M}_j\}$.

Theorems & Definitions (90)

  • Definition 3.1
  • Definition 3.2
  • Definition 3.3
  • Definition 3.4
  • Definition 3.5
  • Definition 3.6: POVM
  • Definition 3.7: Measurement channel
  • Definition 3.8: QKD Security with asymmetric aborts ferradini2025definingsecurityquantumkey
  • Definition 3.9: QKD Security with symmetric aborts
  • Remark 4.3
  • ...and 80 more