Unconditional Security of Single-Photon Differential Phase Shift Quantum Key Distribution

In this Letter, we prove the unconditional security of single-photon differential phase shift quantum key distribution (DPS-QKD) protocol, based on the conversion to an equivalent entanglement-based protocol. We estimate the upper bound of the phase error rate from the bit error rate, and show that DPS-QKD can generate unconditionally secure key when the bit error rate is not greater than 4.12%. This proof is the first step to the unconditional security proof of coherent state DPS-QKD.Comment: 5 pages, 2 figures; shorten the length, improve clarity, and correct typos; accepted for publication in Physical Review Letter

Optimal ratio between phase basis and bit basis in QKD

In the original BB84 protocol, the bit basis and the phase basis are used with equal probability. Lo et al (J. of Cryptology, 18, 133-165 (2005)) proposed to modify the ratio between the two bases by increasing the final key generation rate. However, the optimum ratio has not been derived. In this letter, in order to examine this problem, the ratio between the two bases is optimized for exponential constraints given Eve's information distinguishability and the final error probability

A simple proof of the unconditional security of quantum key distribution

Quantum key distribution is the most well-known application of quantum cryptography. Previous proposed proofs of security of quantum key distribution contain various technical subtleties. Here, a conceptually simpler proof of security of quantum key distribution is presented. The new insight is the invariance of the error rate of a teleportation channel: We show that the error rate of a teleportation channel is independent of the signals being transmitted. This is because the non-trivial error patterns are permuted under teleportation. This new insight is combined with the recently proposed quantum to classical reduction theorem. Our result shows that assuming that Alice and Bob have fault-tolerant quantum computers, quantum key distribution can be made unconditionally secure over arbitrarily long distances even against the most general type of eavesdropping attacks and in the presence of all types of noises.Comment: 13 pages, extended abstract. Comments will be appreciate

Unconditionally Secure Bit Commitment

We describe a new classical bit commitment protocol based on cryptographic constraints imposed by special relativity. The protocol is unconditionally secure against classical or quantum attacks. It evades the no-go results of Mayers, Lo and Chau by requiring from Alice a sequence of communications, including a post-revelation verification, each of which is guaranteed to be independent of its predecessor.Comment: Typos corrected. Reference details added. To appear in Phys. Rev. Let

Security of practical private randomness generation

Measurements on entangled quantum systems necessarily yield outcomes that are intrinsically unpredictable if they violate a Bell inequality. This property can be used to generate certified randomness in a device-independent way, i.e., without making detailed assumptions about the internal working of the quantum devices used to generate the random numbers. Furthermore these numbers are also private, i.e., they appear random not only to the user, but also to any adversary that might possess a perfect description of the devices. Since this process requires a small initial random seed, one usually speaks of device-independent randomness expansion. The purpose of this paper is twofold. First, we point out that in most real, practical situations, where the concept of device-independence is used as a protection against unintentional flaws or failures of the quantum apparatuses, it is sufficient to show that the generated string is random with respect to an adversary that holds only classical-side information, i.e., proving randomness against quantum-side information is not necessary. Furthermore, the initial random seed does not need to be private with respect to the adversary, provided that it is generated in a way that is independent from the measured systems. The devices, though, will generate cryptographically-secure randomness that cannot be predicted by the adversary and thus one can, given access to free public randomness, talk about private randomness generation. The theoretical tools to quantify the generated randomness according to these criteria were already introduced in [S. Pironio et al, Nature 464, 1021 (2010)], but the final results were improperly formulated. The second aim of this paper is to correct this inaccurate formulation and therefore lay out a precise theoretical framework for practical device-independent randomness expansion.Comment: 18 pages. v3: important changes: the present version focuses on security against classical side-information and a discussion about the significance of these results has been added. v4: minor changes. v5: small typos correcte

Universally Composable Quantum Multi-Party Computation

The Universal Composability model (UC) by Canetti (FOCS 2001) allows for secure composition of arbitrary protocols. We present a quantum version of the UC model which enjoys the same compositionality guarantees. We prove that in this model statistically secure oblivious transfer protocols can be constructed from commitments. Furthermore, we show that every statistically classically UC secure protocol is also statistically quantum UC secure. Such implications are not known for other quantum security definitions. As a corollary, we get that quantum UC secure protocols for general multi-party computation can be constructed from commitments

Physical Underpinnings of Privacy

One of the remarkable features of quantum mechanics is the ability to ensure secrecy. Private states embody this effect, as they are precisely those multipartite quantum states from which two parties can produce a shared secret that cannot in any circumstance be correlated to an external system. Naturally, these play an important role in quantum key distribution (QKD) and quantum information theory. However, a general distillation method has heretofore been missing. Inspired by Koashi's complementary control scenario (arXiv:0704.3661v1 [quant-ph]), we give a new definition of private states in terms of one party's potential knowledge of two complementary measurements made on the other and use this to construct a general method of private state distillation using quantum error-correcting codes. The procedure achieves the same key rate as recent, more information-theoretic approaches while demonstrating the physical principles underlying privacy of the key. Additionally, the same approach can be used to establish the hashing inequality for entanglement distillation, as well as the direct quantum coding theorem.Comment: 12.5 page

One-way quantum key distribution: Simple upper bound on the secret key rate

We present a simple method to obtain an upper bound on the achievable secret key rate in quantum key distribution (QKD) protocols that use only unidirectional classical communication during the public-discussion phase. This method is based on a necessary precondition for one-way secret key distillation; the legitimate users need to prove that there exists no quantum state having a symmetric extension that is compatible with the available measurements results. The main advantage of the obtained upper bound is that it can be formulated as a semidefinite program, which can be efficiently solved. We illustrate our results by analysing two well-known qubit-based QKD protocols: the four-state protocol and the six-state protocol. Recent results by Renner et al., Phys. Rev. A 72, 012332 (2005), also show that the given precondition is only necessary but not sufficient for unidirectional secret key distillation.Comment: 11 pages, 1 figur

Quantum key distribution with delayed privacy amplification and its application to security proof of a two-way deterministic protocol

Privacy amplification (PA) is an essential post-processing step in quantum key distribution (QKD) for removing any information an eavesdropper may have on the final secret key. In this paper, we consider delaying PA of the final key after its use in one-time pad encryption and prove its security. We prove that the security and the key generation rate are not affected by delaying PA. Delaying PA has two applications: it serves as a tool for significantly simplifying the security proof of QKD with a two-way quantum channel, and also it is useful in QKD networks with trusted relays. To illustrate the power of the delayed PA idea, we use it to prove the security of a qubit-based two-way deterministic QKD protocol which uses four states and four encoding operations.Comment: 11 pages, 3 figure

Phase encoding schemes for measurement device independent quantum key distribution and basis-dependent flaw

In this paper, we study the unconditional security of the so-called measurement device independent quantum key distribution (MDIQKD) with the basis-dependent flaw in the context of phase encoding schemes. We propose two schemes for the phase encoding, the first one employs a phase locking technique with the use of non-phase-randomized coherent pulses, and the second one uses conversion of standard BB84 phase encoding pulses into polarization modes. We prove the unconditional security of these schemes and we also simulate the key generation rate based on simple device models that accommodate imperfections. Our simulation results show the feasibility of these schemes with current technologies and highlight the importance of the state preparation with good fidelity between the density matrices in the two bases. Since the basis-dependent flaw is a problem not only for MDIQKD but also for standard QKD, our work highlights the importance of an accurate signal source in practical QKD systems. Note: We include the erratum of this paper in Appendix C. The correction does not affect the validity of the main conclusions reported in the paper, which is the importance of the state preparation in MDIQKD and the fact that our schemes can generate the key with the practical channel mode that we have assumed.Comment: We include the erratum of this paper in Appendix C. The correction does not affect the validity of the main conclusions reported in the pape