Device-Independent Quantum Key Distribution: Difference between revisions

From Quantum Protocol Zoo
Jump to navigation Jump to search
Line 74: Line 74:
'''2.''' Error Correction
'''2.''' Error Correction


''Alice and Bob apply the error correction protocol <math>EC</math> (see [[BB84 Quantum Key Distribution #References| [9]]]) , communicating script <math>O_{EC}</math> in the process. ''
''Alice and Bob apply the error correction protocol <math>EC</math> (see [[BB84 Quantum Key Distribution #References| [5]]]) , communicating script <math>O_{EC}</math> in the process. ''
# '''If''' <math>EC</math> aborts, they abort the protocol
# '''If''' <math>EC</math> aborts, they abort the protocol
# '''Else''' they obtain raw keys <math>\tilde{A}_1^n</math> and <math>\tilde{B}_1^n</math>.
# '''Else''' they obtain raw keys <math>\tilde{A}_1^n</math> and <math>\tilde{B}_1^n</math>.
Line 89: Line 89:
'''4.''' Privacy amplification
'''4.''' Privacy amplification


<math>PA(\cdot,\cdot)</math> ''is a privacy amplification subroutine'' (see [[BB84 Quantum Key Distribution #References| [10]]])
<math>PA(\cdot,\cdot)</math> ''is a privacy amplification subroutine'' (see [[BB84 Quantum Key Distribution #References| [6]]])
# Alice and Bob run <math>PA(A_1^{n'},\tilde{B}_1^{n'})</math> and obtain secret keys <math>K_A, K_B</math>;
# Alice and Bob run <math>PA(A_1^{n'},\tilde{B}_1^{n'})</math> and obtain secret keys <math>K_A, K_B</math>;



Revision as of 12:17, 2 May 2019

A device-independent quantum key distribution protocol implements the task of Quantum Key Distribution (QKD) without relying on any particular description of the underlying system. The protocol enables two parties, Alice and Bob, to establish a classical secret key by distributing an entangled quantum state and checking for the violation of a Bell inequality in order to certify the security. The output of the protocol is a classical secret key which is completely unknown to any third party, namely an eavesdropper.

Tags: Two Party, Quantum Enhanced Classical Functionality, Specific Task,Quantum Key Distribution, BB84 QKD,

Assumptions

  • Network: we assume the existence of an authenticated public classical channel between Alice and Bob.
  • Timing: we assume that the network is synchronous.
  • Adversarial model: coherent attacks.

Outline

A DIQKD protocol is composed by the following steps:

  • The first phase of the protocol is called distribution. For each round of this phase:
    • Alice uses the source to prepare a maximally entangled state and send half of the state to Bob.
    • Upon receiving the state, Bob announces that he received it, and they both use their respective devices to measure the quantum systems. They record their output in a string of bits.
  • The second phase is when Alice and Bob publicly exchange classical information in order to perform error correction, where they correct their strings generating the raw keys, and parameter estimation, where they estimate the parameters of interest. At the end of this phase Alice and Bob are supposed to share the same -bit string and have an estimate of how much knowledge an eavesdropper might have about their raw key.
  • In the final phase, Alice and Bob perform privacy amplification, where the not fully secure -bit strings are mapped into smaller strings and , which represents the final keys of Alice and Bob respectively.

Hardware Requirements

  • Network Stage: Entanglement Distribution
  • Relevant Network Parameters: (see Entanglement Distribution).
  • Benchmark values:
    • Minimum number of rounds ranging from to depending on the network parameters, for commonly used secure parameters.
    • , taking a depolarizing model as benchmark. Parameters satisfying are sufficient.
  • Distribution of Bell pairs, and measurement in three different bases (two basis on Alice's side and three basis on Bob's side).
  • Requires random number generator.

Notation

  • expected number of rounds
  • final key length
  • fraction of test rounds
  • quantum bit error rate
  • CHSH violation
  • expected winning probability on the CHSH game in an honest implementation
  • width of the statistical interval for the Bell test
  • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \delta_{con}} confidence interval for the Bell test
  • smoothing parameter
  • error probabilities of the error correction protocol
  • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \epsilon_{EA}} error probability of Bell violation estimation.
  • error probability of Bell violation estimation.
  • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \epsilon_{PA}} error probability of the privacy amplification protocol
  • leakage in the error correction protocol

Properties

Either the protocol (see Pseudocode) aborts with probability higher than , or it generates a
-correct-and-secret key of length

where is the leakage due to error correction step and the functions , , Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \nu_1} and Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \nu_2} are specified below. The security parameters of the error correction protocol, Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \epsilon_{EC}} and , mean that if the error correction step of the protocol (see below) does not abort, then with probability at least , and for an honest implementation, the error correction protocol aborts with probability at most .

  • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \bar{s}=\frac{1-(1-\gamma)^{\left\lceil \frac{1}{\gamma} \right\rceil}}{\gamma}}
  • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \eta_{opt}=\max_{\frac{3}{4}<\frac{{p}_t(1)}{1-(1-\gamma)^{s_{max}}}<\frac{2+\sqrt{2}}{4}} \Bigg(F_{\min}(\vec{p},\vec{p}_t)-\frac{1}{\sqrt{m}}\nu_2\Bigg)}

Pseudocode

  • Input:
  • Output:

1. Distribution and measurement

  1. For every block
    1. Set Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle i=0} and .
    2. While
      1. Set Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle i=i+1}
      2. Alice and Bob choose a random bit such that .
      3. If then Alice and Bob choose inputs .
      4. Else they choose (the observables for the CHSH test).
      5. Alice and Bob use their devices with the respective inputs and record their outputs, and respectively.
      6. If they set .

At this point Alice holds strings and Bob , all of length .

2. Error Correction

Alice and Bob apply the error correction protocol (see [5]) , communicating script in the process.

  1. If aborts, they abort the protocol
  2. Else they obtain raw keys and .

3. Parameter estimation

  1. Using and , Bob sets
    1. If and then
    2. If and then
    3. If then
  2. He aborts If , i.e., if they do not achieve the expected violation.

For the summation in 3.2 we use the convention that , that is acts as with respect to the addition.

4. Privacy amplification

is a privacy amplification subroutine (see [6])

  1. Alice and Bob run and obtain secret keys ;

Further Information

  1. Acín et al. (2007) gives the first security proof of device-independent QKD against collective attacks.
  2. Vazirani and Vidick (2014) gives the first security proof of device-independent QKD against coherent attacks.
  3. Arnon-Friedman et al. (2018) & Arnon-Friedman et al. (2019) simplify and tighten security proofs of device-independent QKD against coherent attacks.
  4. Tan et al. (2019) shows that post-processing of the key using 2-way classical communication, denoted advantage distillation, can increase the QBER tolerance up to .
  5. Secret-Key Reconciliation by Public Discussion
  6. Security of Quantum Key Distribution
contributed by Gláucia Murta