Universally composable privacy amplification against quantum adversaries
Renato Renner, Robert Koenig
TL;DR
The paper formalizes privacy amplification against quantum adversaries under a universally composable security definition. It shows that hashing the partially secret string Z with a randomly chosen two-universal hash function yields a key whose distance from a uniformly random key independent of the adversary's quantum state is exponentially small in the gap between the conditional Rényi (collision) entropy of Z, given the adversary's quantum information, and the chosen key length. This gives a lower bound on the extractable key length in terms of the adversary's quantum knowledge about Z; the bound is asymptotically optimal, and for many independent repetitions the achievable key rate equals the conditional von Neumann entropy $S(\rho_{ZE}) - S(\rho_E)$ of Z given the adversary's system E. Because the security definition composes, the guarantee survives when the key is used inside a larger protocol, and many known QKD protocols (such as BB84 and B92) are universally composable as a consequence, which is what matters when such a protocol serves as a sub-protocol of a larger system.
Abstract
Privacy amplification is the art of shrinking a partially secret string Z to a highly secret key S. We show that, even if an adversary holds quantum information about the initial string Z, the key S obtained by two-universal hashing is secure, according to a universally composable security definition. Additionally, we give an asymptotically optimal lower bound on the length of the extractable key S in terms of the adversary's (quantum) knowledge about Z. Our result has applications in quantum cryptography. In particular, it implies that many of the known quantum key distribution protocols are universally composable.
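The following Python is an added illustration of the mechanics the abstract describes; it is not code from the paper. It implements a two-universal hash family (all binary matrices over GF(2) of a given shape, applied to the string Z), checks the two-universal collision property exhaustively for tiny parameters, and turns an entropy estimate into a key length. Two things are assumptions of the example rather than statements of the paper: the bound shape used in `key_length` is the classical leftover-hash-lemma form, distance at most $\tfrac12\,2^{-(h_2-\ell)/2}$, so the paper's exact constant may differ; and `h2_bits`, standing for the conditional collision entropy of Z given the adversary's quantum information, is taken as a given number, since justifying that quantity against quantum adversaries is the paper's contribution, not something this snippet estimates.

```python
import math
import secrets
from itertools import product

# Added example, not code from the paper. It shows (1) a two-universal hash
# family -- all ell x n matrices over GF(2), each row stored as an n-bit mask --
# (2) the exact collision probability that makes the family two-universal, and
# (3) how a leftover-hash-style bound turns an entropy estimate into a key length.
# ASSUMPTION: the bound shape used in key_length is the classical leftover hash
# lemma form, distance <= 1/2 * 2^(-(h2 - ell)/2); the paper's own constant may
# differ. h2_bits stands for the conditional Renyi (collision) entropy of Z given
# the adversary's quantum information and is taken as a given number here.


def hash_linear(matrix, x):
    """Apply a binary matrix (sequence of row bitmasks) to the n-bit integer x.

    Output bit i is the parity of (row_i AND x), i.e. the GF(2) inner product.
    """
    s = 0
    for i, row in enumerate(matrix):
        if bin(row & x).count("1") & 1:
            s |= 1 << i
    return s


def random_linear_hash(n, ell):
    """Sample one family member uniformly. This is the public seed: it can be
    announced over an authenticated channel; only Z must stay partially secret."""
    return [secrets.randbits(n) for _ in range(ell)]


def collision_probability(n, ell, x, y):
    """Exact Pr_M[M x = M y] over all ell x n matrices, for x != y.

    Two-universality requires this to be at most 2^-ell; for the linear family it
    is exactly 2^-ell because M x = M y iff M (x XOR y) = 0. Exhaustive, so only
    for tiny n and ell.
    """
    assert x != y
    hits = total = 0
    for rows in product(range(1 << n), repeat=ell):
        total += 1
        if hash_linear(rows, x) == hash_linear(rows, y):
            hits += 1
    return hits / total


def key_length(h2_bits, epsilon):
    """Largest ell with 1/2 * 2^(-(h2 - ell)/2) <= epsilon (never negative).

    Solving: ell <= h2 - 2*log2(1/(2*epsilon)). Each halving of epsilon costs
    two bits of key; the cost is paid once, independent of the length of Z.
    """
    ell = math.floor(h2_bits - 2 * math.log2(1.0 / (2.0 * epsilon)))
    return max(ell, 0)


def privacy_amplify(z, n, h2_bits, epsilon):
    """Shrink the n-bit string z to a key of key_length(h2_bits, epsilon) bits.

    Returns (seed, key, ell). The seed is public; the key is the secret output.
    """
    ell = key_length(h2_bits, epsilon)
    seed = random_linear_hash(n, ell)
    return seed, hash_linear(seed, z), ell


if __name__ == "__main__":
    # Constructed inputs: a 16-bit Z for which the adversary is assumed to hold
    # about 4 bits of information (collision entropy 12 bits), epsilon = 2^-4.
    z = 0b1011_0010_1110_0101
    seed, key, ell = privacy_amplify(z, 16, h2_bits=12.0, epsilon=2 ** -4)
    print(f"key length {ell}, key = {key:0{ell}b}")
    print("Pr[collision] for n=3, ell=2:", collision_probability(3, 2, 0b001, 0b010))
```

The seed (the matrix) is chosen fresh and independently of Z, which is what lets the hash be public: the adversary learns the seed, and the guarantee is about the key's distance from uniform conditioned on both the seed and the adversary's quantum state. The example also makes the cost structure of the bound visible: shrinking epsilon by a factor of two costs two bits of output regardless of how long Z is, so the entropy estimate dominates the key length for any realistic input.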
