Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Entanglement is not sufficient for most practical entanglement-based QKD protocols

Shubhayan Sarkar, Tushita Prasad, Karol Horodecki

TL;DR

This work observes that entanglement is not sufficient for standard practical EB-QKD protocols where the input choices are announced by the parties that want to share a secure key, and identifies a class of isotropic states that are not useful to extract a secure key under such protocols, even if they are entangled.

Abstract

Quantum key distribution (QKD) is the most explored application of quantum information theory. A central problem in entanglement-based QKD (EB-QKD), is whether every entangled state can be used to extract a key. We observe that entanglement is not sufficient for standard practical EB-QKD protocols where the input choices are announced by the parties that want to share a secure key, such as E91 or entanglement-based BB84 type protocols, when even an arbitrarily small amount of leakage of classical side information occurs. We do this by identifying a class of two-qubit isotropic states that are entangled but cannot be used to distil the key under such protocols for any possible measurement by the parties. Counter-intuitively, this gap persists even when the leakage occurs from the "junk" rounds of the protocol, i.e, rounds that cannot be used to generate any key. We then extend this result to arbitrary dimensions and parties by identifying a class of isotropic states that are not useful to extract a secure key under such protocols, even if they are entangled. Finally, we demonstrate that our approach provides a tool to upper-bound the scalability of repeater-based QKD architectures in a protocol-independent manner. Interestingly, we find that allowing for even a tiny noise in the preparation drastically reduces the scalability of the QKD network.

Entanglement is not sufficient for most practical entanglement-based QKD protocols

TL;DR

This work observes that entanglement is not sufficient for standard practical EB-QKD protocols where the input choices are announced by the parties that want to share a secure key, and identifies a class of isotropic states that are not useful to extract a secure key under such protocols, even if they are entangled.

Abstract

Quantum key distribution (QKD) is the most explored application of quantum information theory. A central problem in entanglement-based QKD (EB-QKD), is whether every entangled state can be used to extract a key. We observe that entanglement is not sufficient for standard practical EB-QKD protocols where the input choices are announced by the parties that want to share a secure key, such as E91 or entanglement-based BB84 type protocols, when even an arbitrarily small amount of leakage of classical side information occurs. We do this by identifying a class of two-qubit isotropic states that are entangled but cannot be used to distil the key under such protocols for any possible measurement by the parties. Counter-intuitively, this gap persists even when the leakage occurs from the "junk" rounds of the protocol, i.e, rounds that cannot be used to generate any key. We then extend this result to arbitrary dimensions and parties by identifying a class of isotropic states that are not useful to extract a secure key under such protocols, even if they are entangled. Finally, we demonstrate that our approach provides a tool to upper-bound the scalability of repeater-based QKD architectures in a protocol-independent manner. Interestingly, we find that allowing for even a tiny noise in the preparation drastically reduces the scalability of the QKD network.
Paper Structure (2 sections, 3 theorems, 30 equations, 4 figures)

This paper contains 2 sections, 3 theorems, 30 equations, 4 figures.

Table of Contents

  1. Appendix A: Proof of the main theorem
  2. Appendix B: Maximum obtainable rate for any isotropic state using projective measurements

Key Result

Theorem 1

Consider the QKD protocol described above with a leakage paramter $\mathcal{L}$, which is implemented using the isotropic state $\rho_v$Wer. Then, for any two-outcome measurements with all parties, Eve can find a C.C. attack such that no secure key can be extracted for (i) $v\leq\frac{1}{3}+\frac{2\

Figures (4)

  • Figure 1: Under the uniform leakage model, each of the three curves represents the upper bound on the secure key rate achievable in any protocol where both parties publicly announce their measurement inputs (when measuring the isotropic state), for leakage values $\mathcal{L}=0.1,0.2$ and $0.3$.
  • Figure 2: Considering the uniform leakage model, we illustrate the dependence of the secure key rate $R$ on the number of repeaters $n$ for various initial visibilities for a particular leakage $\mathcal{L}=0.1$, showing the rapid degradation of the rate with increasing number of repeaters.
  • Figure 3: Under the uniform leakage model, the three curves depict upper bounds on the secure key rate as a function of the visibility $v$ of the isotropic state $\rho_v$ for the $d = 2, N = 3$ scenario, with each curve corresponding to a specific leakage value.
  • Figure 4: Considering the uniform leakage model, we illustrate the upper bounds on the secure key rate as a function of the visibility $v$ of the isotropic state $\rho_v$ for the $d = 3, N = 2$ scenario, shown three different leakage values. Here, the secret key rate can exceed one bit, since a three-dimensional quantum system can, in principle, generate a three-level key symbol per round, allowing up to $\log_2 3$ bits of secret key.

Theorems & Definitions (4)

  • Theorem 1
  • Theorem 2
  • Theorem 1
  • proof