We prove unconditional security for a quantum key distribution (QKD) protocol
based on distilling pbits (twisted ebits) [quant-ph/0309110] from an arbitrary
untrusted state that is claimed to contain distillable key. Our main result is
that we can verify security using only public communication -- via parameter
estimation of the given untrusted state. The technique applies even to bound
entangled states, thus extending QKD to the regime where the available quantum
channel has zero quantum capacity. We also show how to convert our
purification-based QKD schemes to prepare-measure schemes.Comment: Final version for IEEE TI