Composability in quantum cryptography

In this article, we review several aspects of composability in the context of quantum cryptography. The first part is devoted to key distribution. We discuss the security criteria that a quantum key distribution protocol must fulfill to allow its safe use within a larger security application (e.g., for secure message transmission). To illustrate the practical use of composability, we show how to generate a continuous key stream by sequentially composing rounds of a quantum key distribution protocol. In a second part, we take a more general point of view, which is necessary for the study of cryptographic situations involving, for example, mutually distrustful parties. We explain the universal composability framework and state the composition theorem which guarantees that secure protocols can securely be composed to larger applicationsComment: 18 pages, 2 figure

Provably Secure and Practical Quantum Key Distribution over 307 km of Optical Fibre

Proposed in 1984, quantum key distribution (QKD) allows two users to exchange provably secure keys via a potentially insecure quantum channel. Since then, QKD has attracted much attention and significant progress has been made in both theory and practice. On the application front, however, the operating distance of practical fibre-based QKD systems is limited to about 150 km, which is mainly due to the high background noise produced by commonly used semiconductor single-photon detectors (SPDs) and the stringent demand on the minimum classical- post-processing (CPP) block size. Here, we present a compact and autonomous QKD system that is capable of distributing provably-secure cryptographic key over 307 km of ultra-low-loss optical fibre (51.9 dB loss). The system is based on a recently developed standard semiconductor (inGaAs) SPDs with record low background noise and a novel efficient finite-key security analysis for QKD. This demonstrates the feasibility of practical long-distance QKD based on standard fibre optic telecom components.Comment: 6+7 pages, 3 figure

Tight Finite-Key Analysis for Quantum Cryptography

Despite enormous progress both in theoretical and experimental quantum cryptography, the security of most current implementations of quantum key distribution is still not established rigorously. One of the main problems is that the security of the final key is highly dependent on the number, M, of signals exchanged between the legitimate parties. While, in any practical implementation, M is limited by the available resources, existing security proofs are often only valid asymptotically for unrealistically large values of M. Here, we demonstrate that this gap between theory and practice can be overcome using a recently developed proof technique based on the uncertainty relation for smooth entropies. Specifically, we consider a family of Bennett-Brassard 1984 quantum key distribution protocols and show that security against general attacks can be guaranteed already for moderate values of M.Comment: 11 pages, 2 figure

Security of Plug-and-Play QKD Arrangements with Finite Resources

The security of a passive plug-and-play QKD arrangement in the case of finite (resources) key lengths is analysed. It is assumed that the eavesdropper has full access to the channel so an unknown and untrusted source is assumed. To take into account the security of the BB84 protocol under collective attacks within the framework of quantum adversaries, a full treatment provides the well-known equations for the secure key rate. A numerical simulation keeping a minimum number of initial parameters constant as the total error sought and the number of pulses is carried out. The remaining parameters are optimized to produce the maximum secure key rate. Two main strategies are addressed: with and without two-decoy-states including the optimization of signal to decoy relationship

Finite-key security analysis for multilevel quantum key distribution

We present a detailed security analysis of a d-dimensional quantum key distribution protocol based on two and three mutually unbiased bases (MUBs) both in an asymptotic and finite key length scenario. The finite secret key rates are calculated as a function of the length of the sifted key by (i) generalizing the uncertainly relation-based insight from BB84 to any d-level 2-MUB QKD protocol and (ii) by adopting recent advances in the second-order asymptotics for finite block length quantum coding (for both d-level 2- and 3-MUB QKD protocols). Since the finite and asymptotic secret key rates increase with d and the number of MUBs (together with the tolerable threshold) such QKD schemes could in principle offer an important advantage over BB84. We discuss the possibility of an experimental realization of the 3-MUB QKD protocol with the orbital angular momentum degrees of freedom of photons.Comment: v4: close to the published versio