Full security of quantum key distribution from no-signaling constraints

We analyze a cryptographic protocol for generating a distributed secret key from correlations that violate a Bell inequality by a sufficient amount, and prove its security against eavesdroppers, constrained only by the assumption that any information accessible to them must be compatible with the non-signaling principle. The claim holds with respect to the state-of-the-art security definition used in cryptography, known as universally-composable security. The non-signaling assumption only refers to the statistics of measurement outcomes depending on the choices of measurements; hence security is independent of the internal workings of the devices --- they do not even need to follow the laws of quantum theory. This is relevant for practice as a correct and complete modeling of realistic devices is generally impossible. The techniques developed are general and can be applied to other Bell inequality-based protocols. In particular, we provide a scheme for estimating Bell-inequality violations when the samples are not independent and identically distributed.Comment: 15 pages, 2 figur

Quantum Cryptography Based Solely on Bell's Theorem

Information-theoretic key agreement is impossible to achieve from scratch and must be based on some - ultimately physical - premise. In 2005, Barrett, Hardy, and Kent showed that unconditional security can be obtained in principle based on the impossibility of faster-than-light signaling; however, their protocol is inefficient and cannot tolerate any noise. While their key-distribution scheme uses quantum entanglement, its security only relies on the impossibility of superluminal signaling, rather than the correctness and completeness of quantum theory. In particular, the resulting security is device independent. Here we introduce a new protocol which is efficient in terms of both classical and quantum communication, and that can tolerate noise in the quantum channel. We prove that it offers device-independent security under the sole assumption that certain non-signaling conditions are satisfied. Our main insight is that the XOR of a number of bits that are partially secret according to the non-signaling conditions turns out to be highly secret. Note that similar statements have been well-known in classical contexts. Earlier results had indicated that amplification of such non-signaling-based privacy is impossible to achieve if the non-signaling condition only holds between events on Alice's and Bob's sides. Here, we show that the situation changes completely if such a separation is given within each of the laboratories.Comment: 32 pages, v2: changed introduction, added reference

Quantifying the randomness of copies of noisy Popescu-Rohrlich correlations

In a no-signaling world, the outputs of a nonlocal box cannot be completely predetermined, a feature that is exploited in many quantum information protocols exploiting non-locality, such as device-independent randomness generation and quantum key distribution. This relation between non-locality and randomness can be formally quantified through the min-entropy, a measure of the unpredictability of the outputs that holds conditioned on the knowledge of any adversary that is limited only by the no-signaling principle. This quantity can easily be computed for the noisy Popescu-Rohrlich (PR) box, the paradigmatic example of non-locality. In this paper, we consider the min-entropy associated to several copies of noisy PR boxes. In the case where n noisy PR-boxes are implemented using n non-communicating pairs of devices, it is known that each PR-box behaves as an independent biased coin: the min-entropy per PR-box is constant with the number of copies. We show that this doesn't hold in more general scenarios where several noisy PR-boxes are implemented from a single pair of devices, either used sequentially n times or producing n outcome bits in a single run. In this case, the min-entropy per PR-box is smaller than the min-entropy of a single PR-box, and it decreases as the number of copies increases.Comment: 14 pages + 8 figures. Mathematica files attached. Comments welcom

Limitations on device independent secure key via squashed non-locality

We initiate a systematic study to provide upper bounds on device-independent key, secure against a non-signaling adversary (NSDI), distilled by a wide class of operations, currently used in both quantum and non-signaling device-independent protocols. These operations consist of a direct measurements on the devices followed by Local Operations and Public Communication (MDLOPC). We employ the idea of "squashing" on the secrecy monotones, which provide upper bounds on the key rate in secret key agreement (SKA) scenario, and show that squashed secrecy monotones are the upper bounds on NSDI key. As an important instance, an upper bound on NSDI key rate called "squashed non-locality", has been constructed. It exhibits several important properties, including convexity, monotonicity, additivity on tensor products, and asymptotic continuity. Using this bound, we identify numerically a domain of two binary inputs and two binary outputs non-local devices for which the squashed non-locality is zero, and therefore one can not distil key from them via MDLOPC operations. These are mixtures of Popescu-Rohrlich (PR) and anti-PR box with the weight of PR box less than $80\%$. This example confirms the intuition that non-locality need not imply secrecy in the non-signaling scenario. The approach is general, describing how to construct other tighter yet possibly less computable upper bounds. Our technique for obtaining upper bounds is based on the non-signaling analog of quantum purification: the complete extension, which yields equivalent security conditions as previously known in the literature.Comment: 12 pages and 2 figures + supplemental materia

Fundamental limits on key rates in device-independent quantum key distribution

In this paper, we introduce intrinsic non-locality as a quantifier for Bell non-locality, and we prove that it satisfies certain desirable properties such as faithfulness, convexity, and monotonicity under local operations and shared randomness. We then prove that intrinsic non-locality is an upper bound on the secret-key-agreement capacity of any device-independent protocol conducted using a device characterized by a correlation $p$. We also prove that intrinsic steerability is an upper bound on the secret-key-agreement capacity of any semi-device-independent protocol conducted using a device characterized by an assemblage $\hat{\rho}$. We also establish the faithfulness of intrinsic steerability and intrinsic non-locality. Finally, we prove that intrinsic non-locality is bounded from above by intrinsic steerability.Comment: 44 pages, 4 figures, final version accepted for publication in New Journal of Physic

Bell nonlocality

Bell's 1964 theorem, which states that the predictions of quantum theory cannot be accounted for by any local theory, represents one of the most profound developments in the foundations of physics. In the last two decades, Bell's theorem has been a central theme of research from a variety of perspectives, mainly motivated by quantum information science, where the nonlocality of quantum theory underpins many of the advantages afforded by a quantum processing of information. The focus of this review is to a large extent oriented by these later developments. We review the main concepts and tools which have been developed to describe and study the nonlocality of quantum theory, and which have raised this topic to the status of a full sub-field of quantum information science.Comment: 65 pages, 7 figures. Final versio

Universally-composable privacy amplification from causality constraints

We consider schemes for secret key distribution which use as a resource correlations that violate Bell inequalities. We provide the first security proof for such schemes, according to the strongest notion of security, the so called universally-composable security. Our security proof does not rely on the validity of quantum mechanics, it solely relies on the impossibility of arbitrarily-fast signaling between separate physical systems. This allows for secret communication in situations where the participants distrust their quantum devices.Comment: 4 page

Certified randomness in quantum physics

The concept of randomness plays an important role in many disciplines. On one hand, the question of whether random processes exist is fundamental for our understanding of nature. On the other hand, randomness is a resource for cryptography, algorithms and simulations. Standard methods for generating randomness rely on assumptions on the devices that are difficult to meet in practice. However, quantum technologies allow for new methods for generating certified randomness. These methods are known as device-independent because do not rely on any modeling of the devices. Here we review the efforts and challenges to design device-independent randomness generators.Comment: 18 pages, 3 figure