Security of Quantum Key Distribution

Abstract

The security issues facing quantum key distribution (QKD) are explained, herein focusing on those issues that are cryptographic and information theoretic in nature and not those based on physics. The problem of security criteria is addressed. It is demonstrated that an attacker's success probabilities are the fundamental criteria of security that any theoretic security criterion must relate to in order to have operational significance. The errors committed in the prevalent interpretation of the trace distance criterion are analyzed. The security proofs of QKD protocols are discussed and assessed in regard to three main features: their validity, completeness, and adequacy of the achieved numerical security level. Problems are identified in all these features. It appears that the QKD security situation is quite different from the common perception that a QKD-generated key is nearly perfectly secure. Built into our discussion is a simple but complete quantitative description of the information theoretic security of classical key distribution that is also applicable to the quantum situation. In the appendices, we provide a brief outline of the history of some major QKD security proofs, a rather unfavorable comparison of current QKD proven security with that of conventional symmetric key ciphers, and a list of objections and answers concerning some major points of the paper