Bit-Error-Rate Guarantee for Quantum Key Distribution and Its Characteristics compared to Leftover Hash Lemma

摘要

The trace distance criterion for security of Quantum Key Distribution (QKD) has been widely perceived that its upper-bound is the maximum failure probability in distributing an ideal quantum state that the quantum system shared by legitimate users is decoupled from the quantum system the eavesdropper possesses, therefore the eavesdropper would not obtain any hints on the key shared by the legitimate users no matter how much her measurement is optimal. However, there an arbitrariness in the definition of the trace distance with the decoupled quantum system the eavesdropper possesses as the previous work pointed out, and such an arbitrariness would be confusions in guaranteeing the security of QKD. In this work, from the framework of Bit-Error-Rate (BER) Guarantee discussed also in the previous work, such an arbitrariness is removed from the definition of the trace distance criterion by discussing the similarities and differences between the security of QKD and classical information-theoretic cryptography by Leftover Hash Lemma (LHL). However, in the previous work BER Guarantee was derived under the assumption that the eavesdropper launches the weakest class of attack, so-called "Individual Attacks." Therefore, it is still unknown whether direct upper-bounding of the term would give tighter upper-bound in general, such as "Collective Attacks" or "Coherent Attacks", compared to the upper-bound by LHL, as well as the secure-key generation rate. This study also revisits the security proof of QKD given by P. Shor and J. Preskill in 2000.