Abstract
Quantum Information Theory is an area of physics which studies both fundamental and applied issues in quantum mechanics from an information-theoretical viewpoint. The underlying techniques are, however, often restricted to the analysis of systems which satisfy a certain independence condition. For example, it is assumed that an experiment can be repeated independently many times or that a large physical system consists of many virtually independent parts. Unfortunately, such assumptions are not always justified. This is particularly the case for practical applications — e.g. in quantum cryptography — where parts of a system might have an arbitrary and unknown behavior.

We propose an approach which allows us to study general physical systems for which the above-mentioned independence condition does not necessarily hold. It is based on an extension of various information-theoretical notions. For example, we introduce new uncertainty measures, called smooth min- and max-entropy, which are generalizations of the von Neumann entropy. Furthermore, we develop a quantum version of de Finetti's representation theorem, as described below.

Consider a physical system consisting of n parts. These might, for instance, be the outcomes of n runs of a physical experiment. Moreover, we assume that the joint state of this n-partite system can be extended to an (n + k)-partite state which is symmetric under permutations of its parts (for some k ≫ 1). The de Finetti representation theorem then says that the original n-partite state is, in a certain sense, close to a mixture of product states. Independence thus follows (approximately) from a symmetry condition. This symmetry condition can easily be met in many natural situations. For example, it holds for the joint state of n parts which are chosen at random from an arbitrary (n + k)-partite system.

As an application of these techniques, we prove the security of quantum key distribution (QKD), i.e. secret key agreement by communication over a quantum channel. In particular, we show that, in order to analyze QKD protocols, it is generally sufficient to consider so-called collective attacks, where the adversary is restricted to applying the same operation to each particle sent over the quantum channel separately. The proof is generic and thus applies to known protocols such as BB84 and B92 (where better bounds on the secret-key rate and on the maximum tolerated noise level of the quantum channel are obtained) as well as to continuous variable schemes (where no full security proof has been known). Furthermore, the security holds with respect to a strong so-called universally composable definition. This implies that the keys generated by a QKD protocol can safely be used in any application, e.g. for one-time pad encryption — which, remarkably, is not the case for most standard definitions.