A Simple Security Proof for Entanglement-Based Quantum Key Distribution

Quantum cryptography exploits the quantum mechanical properties of communication lines to enhance the security of the so-called key distribution. In this work, we explain the role played by quantum mechanics in cryptographic tasks and also investigate how secure is quantum cryptography. More importantly, we show by a simple security proof that for any state sent by the sender, the eavesdropper can only guess the output state with a probability that will allow her not to learn more than half of the classical Shannon information shared between the legitimate parties. This implies that with high probability, the shared key is secure.


Introduction
Quantum key distribution (QKD), one aspect of quantum cryptography, provides a secure method for distributing cryptographic keys between two parties conventionally known as Alice (sender) and Bob (receiver), who are connected by a quantum channel and an authenticated classical channel in the presence of an extremely competent malicious party, an eavesdropper, Eve [1].The security of a QKD protocol is mainly based on the laws of quantum mechanics, which state that (1) one cannot make a measurement without perturbing the system unless the quantum state is compatible with the measurement.If there is no disturbance in the system, then no measurement was made, which implies that there was no eavesdropping.Therefore, Eve cannot intercept the information being transmitted in the communication channel without introducing disturbances that would reveal her presence; this is also known as quantum indeterminacy; (2) it is impossible to duplicate an unknown quantum state with perfect fidelity.This means that Eve cannot intercept the channel and get hold of the quantum system, make a copy of the system and send the copy to Bob without being detected.Therefore, quantum mechanics guarantees that two parties can exchange a secret key securely because the key always remains uncompromised.However, the security of QKD is guaranteed providing that the implementation is perfect i.e. all parties perform as expected or provided; all the imperfections of the implementation have been correctly characterised.
The aim of this work is to present a simple security proof for a quantum protocol based on measurements performed on a maximally entangled state.In particular, we demonstrate how the laws of quantum mechanics afford security especially which properties are important in providing security for QKD protocols.This article is organized as follows.In Section 2 we briefly describe the quantum communication procedure.In Section 3, we provide a short review of QKD security.In Section 4, we give a description of the operation principle for our proposed entanglement-based protocol, which we are going to study.In this section we also outline the security requirements for QKD.Our main result is that the success guessing probability, p for the eavesdropper to guess the state sent by Alice or received by Bob will always result in Eve gaining less than half of the information being transmitted i.e., is the classical Shannon information and G is the guess for output A (Alice) when given E (Eve).This means that the eavesdropper can only learn less of the transmitted information and this forbids her from trying to reconstruct the original message shared by the legitimate parties with high accuracy.This implies that the exchanged secret key is always secure.Lastly, Section 5 is the conclusion.

Quantum Communication Procedure
Alice and Bob first use the quantum channel to distribute quantum states and then apply a quantum key distillation scheme to generate a common string of secret correlated data which are later transformed into a secret key.The eavesdropper can freely interact with the transmitted states while the two parties communicate and try to extract information.However, Eve can only perform the most general attack allowed by the laws of quantum mechanics.The quantum channel is used to transmit quantum signals while the classical channel is used to transmit classical information.The classical channel is authenticated so that Eve cannot learn the information that is being transmitted.
In a real world, at the end of the protocol, Alice outputs the key S A while Bob outputs the key S B .The output keys must be identical, but because of the presence of an eavesdropper and errors in the channel, the keys are almost identical.However, in the ideal world, Eve's access of the key is detected and also there are no errors in the communication channel, therefore Alice and Bob generate a perfect secret key S which is of length l.This is shown in Figure 1.This perfect secret key is then used for sending private messages by means of the one-time pad.

Review of QKD Security
In the last two decades, a lot of progress has been realized in the study of QKD security.Today, the unconditional security i.e., security guaranteed in an information-theoretical sense has been established for many protocols.The first unconditional security proof of QKD was proposed by Mayers in 1996 [11].Since then, various techniques for proving the security of QKD protocols have been developed [10].The security proofs generally depend on the construction of the protocol and also on its practical implementation.For example, the unconditional security proofs for the BB84 based protocols have long since been realized [12].This is mainly because they share a common property of being symmetrical.On the side, the security proofs for the class of DPR protocols still remain unrealized [10] [13], mainly because their construction and encoding deviates from the usual symmetry that exist in BB84-type based protocols.Moreover, the previous security proofs could provide bounds only in the asymptotic limit of infinitely long keys, which is not realistic.But recently, the tools for studying QKD security in the finite-size limit have now become available [14].This has been followed by various studies on security in the finite-size limit [14]- [21].In these papers, it was shown that the bits which are processed in QKD are indeed of finite length.
However, one of the greatest challenges that still remain in QKD implementations is a mismatch between the theoretical security proofs to real devices.This is because several assumptions are usually made when proving the security of QKD protocols.These assumptions are; devices do what they are supposed to do (according to a specified model) and not more, there should be access to perfect or almost perfect randomness (locally), there should be no side-channels and quantum theory is correct.
In order for a QKD protocol to be secure, it has to satisfy a number of security requirements.These requirements are [22]; a) correctness-a QKD protocol is called ε cor -correct if, for any strategy by the eave- c) Robustness-a QKD protocol is said to be "robust" if it's guaranteed that it does not abort as long as the eavesdropper is inactive.When an eavesdropper is inactive, the protocol would continue to generate a secret key, otherwise if an adversary tampers with the quantum channel, the protocol recognises the attack and aborts the computation of the key.d) Finally, a QKD is secure if it is correct and secret, that a protocol is ε-secure, if it is ε cor -correct and ε sec with cor sec ε ε ε + ≤ .

Operation of Our Proposed QKD Protocol
A source prepares and distributes a maximally entangled quantum state where one system is sent to Alice and another to Bob.This is shown in Figure 2. Alice and Bob then perform measurements in two mutually unbiased bases on their system respectively.In the absence of an eavesdropper, if they measure in the same basis they obtain perfectly correlated outcomes, which are completely random.The three parties will then share a quantum state ABE ψ . An example of this protocol is the E91 protocol [4].If the authorized parties notice some errors in Bob's measurements, this implies that Eve has measured some of the photon polarizations.Therefore, QKD is secure because either of the following happens; if the error rate observed by Alice and Bob is lower than a critical value usually referred to as quantum-bit-error rate (QBER), in which case a secret key can be extracted by using techniques of classical information theory.However, if the error rate is larger than QBER, Alice and Bob throw their data away and never use them to encode any message.Therefore, the eavesdropper is prevented from learning any messages being communicated from Alice to Bob.
Our proposed protocol is executed by the following steps: a) Alice chooses to measure photons in a certain basis and also the measurement direction of the polarisation e.g., Alice chooses α φ and Bob chooses β φ .
b) Repeat this experiment many times and check whether the statistics are compatible with the law of physics , where the angle α φ and β φ denotes the measurement direction of the polarisation [23].c) If the statistics are compatible, then they may choose a particular basis 0 and take A S A = and B S B = , if not then A B S S = =⊥ i.e., they abort the protocol.Theorem: Let G: guess for output A or B (on input 0 α φ = ).We prove that for the classical random variable α , β and є corresponding respectively to Alice, Bob and Eve's measurement outcomes, the joint entropy between Alice and Eve is always less than half, i.e., ( ) I α ε ≤ .Proof: In the protocol, Alice and Bob test the presence of an eavesdropper by publicly comparing polarizations of a random subset of the photons on which they think they should agree.The probability that a photon sent by Alice is detected by Bob is . This means that  As mentioned above, let α, β and є be the classical random variables obtained by Alice, Bob and Eve, respectively, when they perform measurements on their quantum Table 1.Example of transmission of qubits between Alice and Bob showing some various possibilities and the result of the inferred bits.The probability that the eavesdropper makes a correct guess on the output held by Alice and Bob is written as  , respectively, and δ is any value between 0 to 1.
where ( ) ( ) ( ) is the mutual information between Alice and Bob and ( ) H ⋅ is the Shannon entropy.Physically, this means that Bob must possess more information about Alice's bits than Eve does.
For such a source, the preparation quality [18] is given by where є and β are the eigenvalues corresponding to α and β then, where ( ) ( ) ( ) are the entropies that correspond to the probability of the eigenvalues α priori to and deduced from any measurement by Eve and Bob, respectively, N is the dimension of the Hilbert space and in this case, N = 2 n and n is the number of bits.So, it follows that Therefore, one can deduce that the secret key rate is obtained when ( ) Since, ( ) ( ) ( ) and this together with Equation (7) satisfies our theorem.Thus, the amount of information that Eve can gain about Bob's or Alice's bit is always less than half.A similar result has also been demonstrated in Ref [24].This demonstrates that always, the eavesdropper has some limited knowledge of knowing the output from Alice or from Bob.Therefore, QKD provides a kind of security that is very secure.

Conclusion
We have demonstrated the principle of operation of QKD.We have shown how one can use the properties of the laws of quantum mechanics to allow the legitimate parties to share a secret key.In particular, we have shown that the eavesdropper cannot guess the output or outcome from the legitimate parties and gain more than half of the information being transmitted.This means that the key generated by quantum cryptography is always secure, thus showing the power of quantum mechanics in securing in-

Figure 1 .
Figure 1.Comparison between what happens in a real and ideal quantum cryptographic world.Alice and Bob use the quantum and classical authenticated channel in the presence of Eve.At the end of communication; in the real world, Alice and Bob share two correlated secret keys SA and SB, respectively.In an ideal world, the access of Eve is broken; therefore Alice and Bob share a perfect secret key S.
A and S B are Alice's and Bob's output classical keys, respectively.b) secrecy-if S ≠⊥ , then S is uniform { } 0,1 l and independent of Eve.

Figure 2 .
Figure 2. The operation principle of the proposed QKD protocol.An entanglement source produces a pair of entangled signals, which are randomly measured in certain bases chosen by Alice and Bob separately.Alice and Bob generate outcomes A and B respectively.
joint probability of the distribution for all the parties is expressed as ( )Pr , , є α β .By using only error correction and privacy amplification, Alice and Bob can extract a sent key from ( )