The security theory in quantum key distribution seems limited and incomplete, and the present theory cannot guarantee unconditional security, researchers said.
Until now, the majority of researchers in quantum information science felt quantum cryptography (quantum key distribution) can provide unconditional security. The guarantee of its unconditional security comes from the trace distance, which is a quantum version of the evaluation of a mathematical cipher, said researchers at Tamagawa University, Quantum ICT Research Institute.
However, since 2006, new developments in the field have cast criticism over the meaningful security of cryptography ensured only by the trace distance. Despite these criticisms, research continued to claim trace distance guarantees unconditional security in quantum key distribution.
Researchers at Quantum ICT have now succeeded in clarifying a logical path between the present theory and criticisms of it. Consequently, they showed the present theory does not work to quantify security, and cannot provide the unconditional security given in Shannon’s theory, the theory that rigorously defines the security for an unbreakable cipher.
Research has said the trace distance, d, guarantees unconditional security in quantum key distribution (QKD). However, in their new paper, researchers explain explicitly the main misconception in the claim of unconditional security for QKD theory.
In general terms, the cause of the misunderstanding in the security claim is the Lemma in Renner’s paper. It suggests the generation of a perfect random key comes from the probability (1-d), and that its failure probability is d.
Thus, it concludes the generated key provides a perfect random key sequence when the protocol succeeds. In this way QKD provides perfect secrecy (unconditional security) to a type of encryption termed ‘the one-time pad.’
H. P. Yuen at Northwestern University proved the trace distance quantity does not give the probability of such an event. If d is not small enough, the generated key sequence is never perfectly random. The evaluation of the trace distance now requires reconstruction if you are going to use it. However, QKD theory groups have not accepted this criticism, and have invented many upper-bound evaluation theories for the trace distance.
The researchers clarified the most recent upper bound theories for the trace distance are constructed again by the reasoning of Renner, who originally introduced the concept. It is thus unsuitable to quantify the information theoretic security of QKD, and the unconditional security defined by Shannon is not satisfied.
As a result, Yuen’s theory is correct, and at present there is no theoretical proof of the unconditional security for any QKD.