Device-Independent Quantum Key Distribution: Difference between revisions

From Quantum Protocol Zoo
Jump to navigation Jump to search
Line 55: Line 55:


==Pseudo Code==
==Pseudo Code==
*'''Input:'''<math>n, \gamma, \epsilon_{\rm PA},\epsilon_{\rm PE},\epsilon_{\rm EC},\epsilon'_{\rm EC},Q_Z</math>
*'''Input:'''<math>n, \delta</math></br>
*'''Output:'''<math>K_A, K_B</math>
*'''Output:'''<math>K_A, K_B</math></br>
<u>'''Stage 1'''</u> Distribution and measurement
<u>'''Stage 1'''</u> Distribution and measurement</br>
#For i=1,2,...,n
#'''For''' every block <math> j \in [m]</math>
## Sender chooses random bits <math>X_i\epsilon\{0,1\}</math> and <math>A_i\epsilon_R\{0,1\}</math> such that <math>P(X_i=1)=\gamma</math>
##Set <math>i=0</math> and <math>C_j=\bot</math>.
## Sender prepares <math>H^{X_i}|A_i\rangle</math> and sends it to Bob
##'''While''' <math>i \leq s_{max}</math>
##  Receiver announces receiving a state
###Set <math>i=i+1</math>
##  Receiver chooses bit <math>Y_i\in_R\{0,1\}</math> such that <math>P(Y_i=1)=\gamma</math>
### Alice and Bob choose a random bit <math>T_i \in \{0,1\}</math> such that <math>P(T_i=1)=\gamma</math>.
##  Receiver measures <math>H^{X_i}|A_i\rangle</math> in basis <math>\{H^{Y_i}|0\rangle, H^{Y_i}|1\rangle\}</math> with outcome <math>B_i</math>
### '''If''' <math>T_i=0</math> '''then''' Alice and Bob choose inputs <math>(X_i, Y_i)=(0,2)</math>.
 
### '''Else''' they choose <math>X_i ,Y_i \in \{0,1\}</math> (the observables for the CHSH test).
*At this stage Sender holds strings <math>X_1^n, A_1^n</math> and Receiver <math>Y_1^n, B_1^n</math>, all of length <math>n</math>
### Alice and Bob use their devices with the respective inputs and record their outputs, <math>A_i</math> and <math>B_i</math> respectively.
### '''If''' <math>T_i=1</math> they  set <math>i=s_{max}+1</math>.
*At this stage Alice holds strings <math>X_1^n, A_1^n</math> and Bob <math>Y_1^n, B_1^n</math>, all of length <math>n</math>.
 
<u>'''Stage 2'''</u> Sifting   
<u>'''Stage 2'''</u> Sifting   
#Alice and Bob publicly announce <math>X_1^n, Y_1^n</math>
#For i=1,2,....,n
## If <math>X_i=Y_i</math>
### <math>A_1^{n'} = A_1^{n'}.</math>append</math>(A_i)</math>
### <math>B_1^{n'} = B_1^{n'}.</math>append<math>(B_i)</math>
### <math>X_1^{n'} = X_1^{n'}.</math>append<math>(X_i)</math>
### <math>Y_1^{n'} = Y_1^{n'}.</math>append<math>(Y_i)</math>
*Now Sender holds strings <math>X_1^{n'}, A_1^{n'}</math> and Receiver <math>Y_1^{n'}, B_1^{n'}</math>, all of length <math>n'\leq n</math>
<u>'''Stage 3'''</u> Parameter estimation
<u>'''Stage 3'''</u> Parameter estimation
#For <math>i=1,...,n</math>
## size<math>Q</math> = 0
## If{<math>X_i = Y_i = 1</math>
### Sender and Receiver publicly announce <math>A_i, B_i</math>
### Sender and Receiver compute <math>Q_i = 1 - \delta_{A_iB_i}</math>, where <math>\delta_{A_iB_i}</math> is the Kronecker delta
## size<math>Q</math> += 1\;
*Both Sender and Receiver, each, compute <math>Q_X = \frac{1}{\text{size}Q} \sum_{i=1}^{n'}Q_i</math></br>
<u>'''Stage 4'''</u> Error correction
<u>'''Stage 4'''</u> Error correction
*''<math>C(\cdot,\cdot)</math> is an error correction subroutine determined by the previously estimated value of <math>Q_Z</math> and with error parameters  <math>\epsilon'_{\rm EC}</math> and <math>\epsilon_{\rm EC}</math>
#Both Sender and Receiver run <math>C(A_1^{n'},B_1^{n'})</math>''.
#Receiver obtains <math>\tilde{B}_1^{n'}</math>
<u>'''Stage 5'''</u> Privacy amplification
<u>'''Stage 5'''</u> Privacy amplification
*''<math>PA(\cdot,\cdot)</math> is a privacy amplification subroutine determined by the size <math>\ell</math>, computed from equation for key length <math>\ell</math> (see [[Quantum Key Distribution#Properties|Properties]]), and  with secrecy parameter <math>\epsilon_{\rm PA}</math>''
#Sender and Receiver run $PA(A_1^{n'},\tilde{B}_1^{n'})$ and obtain secret keys $K_A, K_B$\;


==Further Information==
==Further Information==

Revision as of 11:33, 19 March 2019

A device-independent quantum key distribution protocol implements the task of Quantum Key Distribution (QKD) without relying on any particular description of the underlying system. The protocol enables two parties, Alice and Bob, to establish a classical secret key by distributing an entangled quantum state and checking for the violation of a Bell inequality in order to certify the security. The output of the protocol is a classical secret key which is completely unknown to any third party, namely an eavesdropper.

Tags: Two Party, Quantum Enhanced Classical Functionality, Specific Task,Quantum Key Distribution, BB84 QKD,

Assumptions

  • We assume the existence of an authenticated public classical channel between the two parties
  • We assume synchronous network between parties
  • We assume security from coherent attacks

Outline

A DIQKD protocol is composed by the following steps:

  • Distribution: For each round of the distribution phase:
    • Alice uses the source to prepare a maximally entangled state and send half of the state to Bob.
    • Upon receiving the state, Bob announces that he received it, and they both use their respective devices to measure the quantum systems. They record their output in a string of bits.
  • A second phase where Alice and Bob publicly exchange classical information in order to perform error correction, where they correct their strings generating the raw keys, and parameter estimation, where they estimate the parameters of interest. At the end of this phase Alice and Bob are supposed to share the same -bit string and have an estimate of how much knowledge an eavesdropper might have about their raw key.
  • In the final phase, Alice and Bob perform privacy amplification, where the not fully secure -bit strings are mapped into smaller strings and , which represents the final keys of Alice and Bob respectively.

Hardware Requirements

  • Network Stage: Entanglement Distribution
  • Relevant Network Parameters: (see Entanglement Distribution)
  • Distribution of Bell pairs, and measurement in three different bases (two basis on Alice's side and three basis on Bob's side).
  • Minimum number of rounds ranging from Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \mathcal{O}(10^6)} to depending on the network parameters, for commonly used secure parameters.
  • , taking a depolarizing model as benchmark. Parameters satisfying Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \epsilon_T+\epsilon_M\leq 0.071} are sufficient.
  • Authenticated classical channel.
  • Random number generator.

Notations Used

  • expected number of rounds
  • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle l} final key length
  • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \gamma} fraction of test rounds
  • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle Q} quantum bit error rate
  • CHSH violation
  • expected winning probability on the CHSH game in an honest implementation
  • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \delta_{est}} width of the statistical interval for the Bell test
  • confidence interval for the Bell test
  • smoothing parameter
  • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \epsilon_{EC},\epsilon'_{EC}} error probabilities of the error correction protocol
  • error probability of Bell violation estimation.
  • error probability of Bell violation estimation.
  • error probability of the privacy amplification protocol
  • leakage in the error correction protocol

Properties

Either Protocol (see Pseudo-code) abort with probability higher than , or it generates a
Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle (2\epsilon_{EC}+\epsilon_{PA}+\epsilon_s)} -correct-and-secret key of length

Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle -3\log\Bigg(1-\sqrt{1-\Bigg(\frac{\epsilon_s}{4(\epsilon_{EA} + \epsilon_{EC})}\Bigg)^2}\Bigg)+2\log\Bigg(\frac{1}{2\epsilon_{PA}}\Bigg)} ,
where is the leakage due to error correction step and the functions , , and are specified in below. The security parameters of the error correction protocol, and , mean that if the error correction step in Protocol 1 does not abort, then with probability at least , and for an honest implementation, the error correction protocol aborts with probability at most .

Pseudo Code

  • Input:
  • Output:

Stage 1 Distribution and measurement

  1. For every block
    1. Set and .
    2. While
      1. Set
      2. Alice and Bob choose a random bit such that .
      3. If then Alice and Bob choose inputs .
      4. Else they choose (the observables for the CHSH test).
      5. Alice and Bob use their devices with the respective inputs and record their outputs, and respectively.
      6. If they set .
  • At this stage Alice holds strings and Bob , all of length .

Stage 2 Sifting Stage 3 Parameter estimation Stage 4 Error correction Stage 5 Privacy amplification

Further Information