Device-Independent Quantum Key Distribution

A device-independent quantum key distribution protocol implements the task of Quantum Key Distribution (QKD) without relying on any particular description of the underlying system. The protocol enables two parties, Alice and Bob, to establish a classical secret key by distributing an entangled quantum state and checking for the violation of a Bell inequality in order to certify the security. The output of the protocol is a classical secret key which is completely unknown to any third party, namely an eavesdropper.

Tags: Two Party, Quantum Enhanced Classical Functionality, Specific Task,Quantum Key Distribution, BB84 QKD,

Assumptions

• We assume the existence of an authenticated public classical channel between the two parties
• We assume synchronous network between parties
• We assume security from coherent attacks

Outline

A DIQKD protocol is composed by the following steps:

• Distribution: For each round of the distribution phase:
  • Alice uses the source to prepare a maximally entangled state and send half of the state to Bob.
  • Upon receiving the state, Bob announces that he received it, and they both use their respective devices to measure the quantum systems. They record their output in a string of bits.
• A second phase where Alice and Bob publicly exchange classical information in order to perform error correction, where they correct their strings generating the raw keys, and parameter estimation, where they estimate the parameters of interest. At the end of this phase Alice and Bob are supposed to share the same ${\displaystyle n}$-bit string and have an estimate of how much knowledge an eavesdropper might have about their raw key.
• In the final phase, Alice and Bob perform privacy amplification, where the not fully secure ${\displaystyle n}$-bit strings are mapped into smaller strings ${\displaystyle K_{A}}$ and ${\displaystyle K_{B}}$, which represents the final keys of Alice and Bob respectively.

Hardware Requirements

• Network Stage: Entanglement Distribution
• Relevant Network Parameters: ${\displaystyle \epsilon _{T},\epsilon _{M}}$ (see Entanglement Distribution)
• Distribution of Bell pairs, and measurement in three different bases (two basis on Alice's side and three basis on Bob's side).
• Minimum number of rounds ranging from Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle {\mathcal {O}}(10^{6})} to ${\displaystyle {\mathcal {O}}(10^{12})}$ depending on the network parameters, for commonly used secure parameters.
• ${\displaystyle QBER\leq 0.071}$, taking a depolarizing model as benchmark. Parameters satisfying Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle \epsilon _{T}+\epsilon _{M}\leq 0.071} are sufficient.
• Authenticated classical channel.
• Random number generator.

Notations Used

• ${\displaystyle n}$ expected number of rounds
• ${\displaystyle l}$ final key length
• ${\displaystyle \gamma }$ fraction of test rounds
• ${\displaystyle Q}$ quantum bit error rate
• ${\displaystyle \beta }$ CHSH violation
• ${\displaystyle \omega _{exp}}$ expected winning probability on the CHSH game in an honest implementation
• ${\displaystyle \delta _{est}}$ width of the statistical interval for the Bell test
• ${\displaystyle \delta _{con}}$ confidence interval for the Bell test
• Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle \epsilon _{s}} smoothing parameter
• ${\displaystyle \epsilon _{EC},\epsilon '_{EC}}$ error probabilities of the error correction protocol
• ${\displaystyle \epsilon _{EA}}$ error probability of Bell violation estimation.
• ${\displaystyle \epsilon _{con}}$ error probability of Bell violation estimation.
• Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle \epsilon _{PA}} error probability of the privacy amplification protocol
• Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle {\mbox{leak}}_{EC}} leakage in the error correction protocol

Properties

Either Protocol (see Pseudo-code) abort with probability higher than ${\displaystyle 1-(\epsilon _{EA}+\epsilon _{EC})}$, or it generates a
${\displaystyle (2\epsilon _{EC}+\epsilon _{PA}+\epsilon _{s})}$-correct-and-secret key of length
${\displaystyle l\geq {\frac {n}{\bar {s}}}\eta _{opt}-{\frac {n}{\bar {s}}}h(\omega _{exp}-\delta _{est})-{\sqrt {\frac {n}{\bar {s}}}}\nu _{1}-{\mbox{leak}}_{EC}}$
${\displaystyle -3\log {\Bigg (}1-{\sqrt {1-{\Bigg (}{\frac {\epsilon _{s}}{4(\epsilon _{EA}+\epsilon _{EC})}}{\Bigg )}^{2}}}{\Bigg )}+2\log {\Bigg (}{\frac {1}{2\epsilon _{PA}}}{\Bigg )}}$,
where Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle {\mbox{leak}}_{EC}} is the leakage due to error correction step and the functions ${\displaystyle {\bar {s}}}$, ${\displaystyle \eta _{opt}}$, ${\displaystyle \nu _{1}}$ and ${\displaystyle \nu _{2}}$ are specified in below. The security parameters of the error correction protocol, ${\displaystyle \epsilon _{EC}}$ and ${\displaystyle \epsilon '_{EC}}$, mean that if the error correction step in Protocol 1 does not abort, then ${\displaystyle K_{A}=K_{B}}$ with probability at least ${\displaystyle 1-\epsilon _{EC}}$, and for an honest implementation, the error correction protocol aborts with probability at most Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle \epsilon '_{EC}+\epsilon _{EC}} .

• Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle {\bar {s}}={\frac {1-(1-\gamma )^{\left\lceil {\frac {1}{\gamma }}\right\rceil }}{\gamma }}}
• ${\displaystyle \eta _{opt}=\max _{{\frac {3}{4}}<{\frac {{p}_{t}(1)}{1-(1-\gamma )^{s_{max}}}}<{\frac {2+{\sqrt {2}}}{4}}}{\Bigg (}F_{\min }({\vec {p}},{\vec {p}}_{t})-{\frac {1}{\sqrt {m}}}\nu _{2}{\Bigg )}}$
• Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle F_{\min }({\vec {p}},{\vec {p}}_{t})={\frac {d}{d{p}(1)}}g({\vec {p}}){\Big |}_{{\vec {p}}_{t}}\cdot {p}(1)+{\Bigg (}g({\vec {p}}_{t})-{\frac {d}{d{p}(1)}}g({\vec {p}})|_{{\vec {p}}_{t}}\cdot {p}_{t}(1){\Bigg )}}
• ${\displaystyle g({\vec {p}})={s}{\Bigg (}1-h{\Big (}{\frac {1}{2}}+{\frac {1}{2}}{\sqrt {16{\frac {{p}(1)}{1-(1-\gamma )^{s_{max}}}}{\Bigg (}{\frac {{p}(1)}{1-(1-\gamma )^{s_{max}}}}-1}}+3){\Bigg )}}$
• ${\displaystyle \nu _{2}=2{\Big (}\log {\Bigg (}1+2\cdot 2^{s_{\max }}3}+\left\lceil {\frac {d}{d{p}(1)}}g({\vec {p}}){\big |}_{{\vec {p}}_{t}}\right\rceil {\Bigg )}{\sqrt {1-2\log \epsilon _{s})}}$
• ${\displaystyle \nu _{1}=2{\Big (}\log 7+\left\lceil {\frac {|h'(\omega _{exp}+\delta _{est})|}{1-(1-\gamma )^{s_{\max }}}}\right\rceil {\Big )}{\sqrt {1-2\log \epsilon _{s}}}}$

Pseudo Code

• Input:${\displaystyle n,\delta }$
  
• Output:${\displaystyle K_{A},K_{B}}$
  

Stage 1 Distribution and measurement

1. For every block Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle j\in [m]}
   1. Set ${\displaystyle i=0}$ and Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle C_j=\bot} .
   2. While Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle i\leq s_{max}}
      1. Set Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle i=i+1}
      2. Sender and Receiver choose a random bit Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle T_{i}\in \{0,1\}} such that Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle P(T_{i}=1)=\gamma } .
      3. If Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle T_{i}=0} then Alice and Bob choose inputs Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle (X_{i},Y_{i})=(0,2)} .
      4. Else they choose ${\displaystyle X_{i},Y_{i}\in \{0,1\}}$ (the observables for the CHSH test).
      5. Sender and Receiver use their devices with the respective inputs and record their outputs, ${\displaystyle A_{i}}$ and ${\displaystyle B_{i}}$ respectively.
      6. If Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle T_{i}=1} they set Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle i=s_{max}+1} .

• At this stage Sender holds strings ${\displaystyle X_{1}^{n},A_{1}^{n}}$ and Receiver ${\displaystyle Y_{1}^{n},B_{1}^{n}}$, all of length ${\displaystyle n}$.

Stage 2 Error Correction

• Sender and Receiver apply the error correction protocol Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle EC} , communicating script Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle O_{EC}} in the process.

1. If Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle EC} aborts, they abort the protocol
2. Else they obtain raw keys Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle {\tilde {A}}_{1}^{n}} and Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle {\tilde {B}}_{1}^{n}} .

Stage 3 Parameter estimation

1. Using ${\displaystyle B_{1}^{n}}$ and Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle {\tilde {B}}_{1}^{n}} , Receiver sets ${\displaystyle C_{i}}$
   1. If Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle T_{i}=1} and Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle A_{i}\oplus B_{i}=X_{i}\cdot Y_{i}} then Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle C_{i}=1}
   2. If Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle T_i=1} and Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle A_i\oplus B_i=X_i\cdot Y_i} then Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle C_i=0}
   3. If Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle T_i=1} and Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle A_i\oplus B_i=X_i\cdot Y_i} then Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle C_i=\bot}
2. He aborts If Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \sum_j C_j<m\times \Bigg(\omega_{exp}-\delta_{est}}(1-(1-\gamma)^{s_{\max}\Bigg)) *\textit{i.e.}, if they do not achieve the expected violation. <u>'''Stage 4'''</u> Privacy amplification *<math>PA(\cdot,\cdot)} is a privacy amplification subroutine
3. Sender and Receiver run Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle PA(A_1^{n'},\tilde{B}_1^{n'})} and obtain secret keys Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle K_A, K_B} ;

Further Information