New security proof for device-independent quantum key distribution

Ernest Tan, a CQT alumnus, worked with CQT Fellow Charles Lim and his PhD advisor Renato Renner at ETH Zurich on a security proof for device-independent quantum key distribution with 'advantage distillation'.

When Alice and Bob talk more often, they can better outsmart an eavesdropper to make a secure encryption key. This was a known fact for quantum key distribution – now researchers including CQT Fellow Charles Lim and CQT alumnus Ernest Tan have shown it holds true for device-independent quantum key distribution (DIQKD) as well.

The team published their finding in Physical Review Letters in January, writing it “could help to pave the way towards an experimental implementation of DIQKD”.

The goal of quantum key distribution is to give two parties, traditionally known as Alice and Bob, matching and private encryption keys. These keys are just a random list of 1s and 0s. Alice and Bob can use these keys to scramble and unscramble a secret message sent between them.

In DIQKD, Alice and Bob make a shared secret key using entangled quantum devices. These devices might be light detectors receiving pairs of entangled photons, for example. A scheme is ‘device-independent’ when it does not require detailed knowledge about how the devices are performing measurements.

Existing security proofs for DIQKD deal with protocols where Alice and Bob communicate just once during key distribution, after the devices have output all their measurements. Alice sends a public message to Bob that encodes some ‘error-correction information’ about her raw data. Bob can use this message to process his raw data and determine if the key is secure.

When Eve knows more

What the researchers investigated is a two-way communication protocol, where Alice and Bob talk more often to each other, known as a repetition-code protocol. This is already well studied for standard QKD. The team extends its security proof to DIQKD, finding the protocol gives an advantage over any eavesdropper – traditionally known as Eve – attempting to intercept the key.

“When there was only one-way communication, if Eve has more information than Bob about Alice’s data, you won't be able to get a secure key, at least not by using the raw data directly. But in this case, you would still be able to distil a secret key in some cases where previously it was impossible. It is kind of surprising because it tells you that you can still do something even if Eve has more information than Bob,” says Ernest.

Ernest is currently a PhD student at ETH Zurich. He majored in Physics as an undergraduate student in NUS and completed his master’s degree at CQT with Principal Investigator Valerio Scarani’s group. Ernest worked on the new proof with his PhD advisor Renato Renner and with Charles, who is appointed both at CQT and in the NUS Faculty of Engineering.

Distilling an advantage

When Eve tries to learn the secret key for herself, the principles of quantum physics mean that her eavesdropping creates noise in the system. This shows up to Alice and Bob as mismatching bits in their keys. The more noise, the more information Eve is assumed to have. Alice and Bob may decide that Eve has too much information for them to generate a secure key and so discard their data.

In the repetition-code protocol, Alice and Bob break up their raw data into smaller blocks of bits. Then, Alice randomly generates a bit on her own, adding it to each digit of her block. She sends this as a message to Bob. For example, if Alice has a block 010 and she randomly generates 1, she sends Bob 101.

Bob then subtracts his block from Alice’s message. If Bob’s block matched Alice’s, Bob’s subtraction shows him the random bit that Alice added. In the example above, he would compute 101 - 010 to get 111. Bob can then reply to accept this block, guessing that Alice has generated the random bit 1. If Bob’s raw data had not matched Alice’s, the bits he computes will not have the same value, and he rejects the block.

This process is repeated for all the blocks. The protocol puts Eve in a situation where she knows less than Bob about the random bits that Alice produced. Alice and Bob then generate their final secret key from these random bits. By selecting only the blocks where their raw data match, Alice and Bob can obtain a secret key in the presence of more noise, regardless of whether the noise came from an eavesdropper or an imperfect implementation.

Ernest hopes to further improve the proof technique for two-way communication in DIQKD. At the same time, he is also collaborating with Charles’ group to improve the known security proofs for one-way communication protocols for DIQKD. A preprint of their work can be found on the arXiv.