Methods for analysing the security of quantum key distribution (QKD) schemes/protocols are still being developed [PAB+20, PR22].
These methods combine existing cryptographic notions and techniques with quantum information theory.
Depending on the implementation of the QKD scheme, physical laws governing the implementation (e.g., quantum-optical laws) also play a role.
Compared to computational security, which can be reduced to complexity-theoretic reasoning based on the Turing machine, methods for analysing the security of QKD schemes are thus more involved and, in terms of the transdisciplinary effort required, more challenging.
The security of a QKD scheme is typically analysed in terms of the level of success of 1️⃣ individual attacks, 2️⃣ collective attacks and 3️⃣ coherent attacks; in 🔼 increasing order of power given to the adversary [Wol21, Sec. 5.3.1].
Individual and collective attacks are usually considered in order to simplify the security analysis, but it is necessary to also consider coherent attacks in order to prove the security of a QKD scheme.
We can analyse the different types of attacks by the way 😈 Eve interacts with 👩 Alice’s signals and how Eve processes the information she gets in this
way.
General procedure for extracting information from a quantum system:
😈 Eve attaches an ancilla system in the predefined state to the quantum state transmitted by 👩 Alice; and are density-matrix representations of quantum states.
Informally, we say a QKD scheme is composable if the key it produces is almost as good as if it were distributed with an ideal key distribution protocol [Van06, Sec. 12.2.6].
A cryptographic primitive, which is secure when used with an ideally secret key, must still be secure if used with a QKD-distributed key.
Composability is critical since QKD-derived secret keys are used in other applications, e.g., data encryption [JCM+22].
Security evaluation of practical QKD implementations involves evaluating the level of success of “quantum hacking” (i.e., side-channel attacks on QKD).
References
[Gra21]
F. Grasselli, Quantum Cryptography: From Key Distribution to Conference Key Agreement, Quantum Science and Technology, Springer Cham, 2021. https://doi.org/10.1007/978-3-030-64360-7.
[JCM+22]
N. Jain, H.-M. Chin, H. Mani, C. Lupo, D. S. Nikolic, A. Kordts, S. Pirandola, T. B. Pedersen, M. Kolb, B. Ömer, C. Pacher, T. Gehring, and U. L. Andersen, Practical continuous-variable quantum key distribution with composable security, Nature Communications13 no. 1 (2022), 4740. https://doi.org/10.1038/s41467-022-32161-y.
[PAB+20]
S. Pirandola, U. L. Andersen, L. Banchi, M. Berta, D. Bunandar, R. Colbeck, D. Englund, T. Gehring, C. Lupo, C. Ottaviani, J. L. Pereira, M. Razavi, J. Shamsul Shaari, M. Tomamichel, V. C. Usenko, G. Vallone, P. Villoresi, and P. Wallden, Advances in quantum cryptography, Advances in Optics and Photonics12 no. 4 (2020), 1012–1236. https://doi.org/10.1364/AOP.361502.
S. Schauer, Attack Strategies on QKD Protocols, in Applied Quantum Cryptography (C. Kollmitzer and M. Pivk, eds.), Lect. Notes Phys.797, Springer Berlin Heidelberg, 2010, pp. 71–95. https://doi.org/10.1007/978-3-642-04831-9_5.
[TL17]
M. Tomamichel and A. Leverrier, A largely self-contained and complete security proof for quantum key distribution, Quantum1 (2017), 14. https://doi.org/10.22331/q-2017-07-14-14.