Table of Contents
- Introduction
- What Is QKD Security?
- Security Paradigm Shift: Classical vs Quantum
- Physical Principles Behind QKD Security
- Security from the No-Cloning Theorem
- Measurement Disturbance Principle
- Eavesdropping Detection in QKD
- Quantum Bit Error Rate (QBER)
- Error Thresholds in QKD Protocols
- Privacy Amplification
- Information Reconciliation
- Composable Security Framework
- Individual, Collective, and Coherent Attacks
- Security Proofs Against Coherent Attacks
- Device-Independent Security
- Finite-Key Security Analysis
- Entropic Uncertainty Relations
- Side-Channel Attacks and Countermeasures
- Trojan Horse Attacks
- Photon Number Splitting (PNS) Attacks
- Decoy State Method
- Authentication of Classical Channels
- Post-Quantum Cryptography vs QKD
- Regulatory and Practical Considerations
- Conclusion
1. Introduction
Quantum Key Distribution (QKD) offers unconditional security based on the laws of quantum physics, not computational hardness. This makes it resilient even against adversaries with quantum computers.
2. What Is QKD Security?
QKD security is the guarantee that any eavesdropping attempt will be detected, and that a secret key can still be distilled with provable bounds on the amount of leaked information.
3. Security Paradigm Shift: Classical vs Quantum
| Aspect | Classical Crypto | Quantum Crypto (QKD) |
|---|---|---|
| Based on | Algorithmic difficulty | Physical principles |
| Broken by QC | Yes (e.g., RSA, ECC) | No |
| Eavesdropping | Undetectable | Detectable |
4. Physical Principles Behind QKD Security
QKD relies on:
- The no-cloning theorem
- The disturbance caused by measurement
- The uncertainty principle
5. Security from the No-Cloning Theorem
The no-cloning theorem ensures that an unknown quantum state cannot be duplicated:
\[
|\psi\rangle \nrightarrow |\psi\rangle \otimes |\psi\rangle
\]
Eavesdroppers cannot copy quantum bits undetectably.
6. Measurement Disturbance Principle
Measuring a quantum state collapses it. If Eve tries to intercept and measure a qubit, it changes the qubit’s state, introducing detectable errors.
7. Eavesdropping Detection in QKD
By publicly comparing a subset of their key, Alice and Bob can compute the Quantum Bit Error Rate (QBER). If the QBER exceeds a threshold, they abort the protocol.
8. Quantum Bit Error Rate (QBER)
The fraction of mismatches between Alice’s and Bob’s raw key:
\[
\text{QBER} = \frac{\text{Number of Errors}}{\text{Total Bits Compared}}
\]
A high QBER indicates potential eavesdropping.
9. Error Thresholds in QKD Protocols
- BB84 tolerates QBER up to ~11%
- E91 tolerates up to ~7–10% depending on implementation
- Beyond these, key generation is insecure
10. Privacy Amplification
A post-processing step to remove leaked information by compressing the raw key using universal hash functions.
11. Information Reconciliation
Before privacy amplification, Alice and Bob must:
- Reconcile bit discrepancies
- Use error correction (e.g., Cascade, LDPC codes)
- Minimize information revealed to Eve
12. Composable Security Framework
Security proofs today ensure composable security:
- Security holds even when QKD is part of a larger protocol
- Guarantees hold when keys are reused or chained
13. Individual, Collective, and Coherent Attacks
- Individual attacks: one qubit at a time
- Collective attacks: measure all qubits independently, store for joint analysis
- Coherent attacks: interact with multiple qubits jointly — most powerful and general
14. Security Proofs Against Coherent Attacks
Modern QKD security proofs use:
- Entropic uncertainty relations
- Quantum de Finetti theorems
- Smooth min-entropy bounds
To prove security even against the most general attacks.
15. Device-Independent Security
Device-Independent QKD (DI-QKD) uses Bell inequality violations to ensure security, even if devices are untrusted or malicious.
16. Finite-Key Security Analysis
Real systems exchange a finite number of bits. Finite-key analysis provides tight bounds on security parameters using statistics and confidence levels.
17. Entropic Uncertainty Relations
A generalization of Heisenberg’s principle that quantifies the uncertainty Eve must have if Alice and Bob share strong correlations.
18. Side-Channel Attacks and Countermeasures
Real devices can leak unintended info:
- Time-shift attacks
- Detector blinding
- Phase remapping
Countermeasures include:
- Monitoring device behavior
- Introducing randomness
- Using Measurement-Device-Independent QKD (MDI-QKD)
19. Trojan Horse Attacks
Eve sends light into Alice/Bob’s device and analyzes the reflected light to learn settings. Prevented by:
- Optical isolators
- Filters
- Watchdog detectors
20. Photon Number Splitting (PNS) Attacks
When weak coherent pulses are used, Eve may split off a photon. Decoy state QKD prevents this by randomizing signal intensity.
21. Decoy State Method
Alice sends random decoy pulses to detect PNS attacks by monitoring the yield and QBER of different intensities.
22. Authentication of Classical Channels
The classical communication channel must be authenticated using:
- Pre-shared keys
- MACs (Message Authentication Codes)
- Post-quantum secure digital signatures
23. Post-Quantum Cryptography vs QKD
| Feature | Post-Quantum Crypto | QKD |
|---|---|---|
| Based on | Hard math problems | Quantum mechanics |
| Forward secrecy | Not guaranteed | Yes (with ephemeral keys) |
| Implementation cost | Software-based | Hardware-intensive |
24. Regulatory and Practical Considerations
- NIST and ETSI are developing QKD standards
- Cost and infrastructure limit widespread use
- Integration with classical networks is active research
25. Conclusion
QKD security is grounded in the unassailable laws of quantum physics. With defenses against even the most sophisticated attacks — including future quantum adversaries — it offers unmatched cryptographic strength. While practical deployment faces challenges, QKD is already securing some of the world’s most sensitive communications, laying the groundwork for a truly quantum-secure future.