pith. sign in

arxiv: 2510.10674 · v2 · submitted 2025-10-12 · 💻 cs.IT · math.IT

Soft-Decoding Reverse Reconciliation in Discrete-Modulation CV-QKD

Marco Origlia , Emanuele Parente , Marco Secondini This is my paper

Pith reviewed 2026-05-18 07:40 UTC · model grok-4.3

classification 💻 cs.IT math.IT
keywords continuous-variable quantum key distributionreverse reconciliationdiscrete modulationsoft decodingsecret key rateLDPC codesPAMQAM
0
0 comments X

The pith

Bob discloses a carefully designed soft metric in reverse reconciliation for discrete-modulation CV-QKD, enabling Alice to recover the key with achievable secret key rates that closely approach the upper bound.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

In continuous-variable quantum key distribution using discrete modulation formats such as PAM and QAM, reverse reconciliation is preferred because the eavesdropper knows less about Bob's measurements than about Alice's symbols. However, Alice normally has access only to hard information from her transmitted sequence and must rely on hard-decision decoding. This paper introduces a novel technique in which Bob shares a carefully designed soft metric with Alice to support soft-decoding while ensuring the disclosure leaks no additional information about the key to an eavesdropper. Performance evaluation shows the resulting achievable secret key rate closely approaches the theoretical upper bound and delivers a substantial improvement over conventional hard-decision reverse reconciliation. The method is further validated through implementation with binary LDPC codes and belief-propagation decoding, where numerical simulations of bit-error rates align with the predicted gains from the secret-key-rate analysis.

Core claim

The paper introduces a novel reverse reconciliation technique for PAM and QAM modulation formats in CV-QKD. In this technique, Bob discloses a carefully designed soft metric to Alice, enabling her to perform soft-decoding to recover Bob's key. This is done while ensuring no additional information about the key is leaked to an eavesdropper beyond the mutual information calculations. Performance assessment shows the achievable secret key rate closely approaches the upper bound with significant gain over hard-decision RR. The method is validated at the coded level with binary LDPC codes and belief-propagation decoding.

What carries the argument

The carefully designed soft metric disclosed by Bob to Alice that enables soft-decoding of Bob's key without leaking extra information to the eavesdropper.

If this is right

  • The achievable secret key rate closely approaches the theoretical upper bound.
  • The technique delivers a significant gain over hard-decision reverse reconciliation.
  • Practical implementation with binary LDPC codes and belief-propagation decoding produces bit-error rates consistent with the theoretical secret-key-rate predictions.
  • The method applies directly to both PAM and QAM discrete modulation formats.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The approach could extend the maximum transmission distance of discrete-modulation CV-QKD links by improving key rates under higher channel loss.
  • It may reduce hardware precision demands at Alice's receiver by allowing indirect use of soft information through the disclosed metric.
  • Refinements to the soft-metric design could further narrow the remaining gap between achievable and upper-bound rates in practical systems.

Load-bearing premise

The soft metric disclosed by Bob leaks no additional information about the key to an eavesdropper beyond what is already accounted for in the mutual information calculations.

What would settle it

An experiment or calculation showing that the mutual information between the disclosed soft metric and the eavesdropper's observations exceeds the amount already subtracted in the secret-key-rate formula would falsify the security claim.

Figures

Figures reproduced from arXiv: 2510.10674 by Emanuele Parente, Marco Origlia, Marco Secondini.

Figure 1
Figure 1. Figure 1: System overview of the scheme. The highlighted blocks [PITH_FULL_IMAGE:figures/full_fig_p002_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Usage of the transformation function our example, 𝑀 = 4) different hypotheses 𝑦ˆ1, . . . , 𝑦ˆ𝑀 for the channel output that Bob may have received, where 𝑦ˆ𝑖 = 𝑔 −1 𝑖 (𝑛˜). Note that the true channel output 𝑦˜ is included among these hypothetical values. From Eve’s perspective, 𝑛˜ alone provides no information about Bob’s decision 𝑥ˆ. In fact, she could use a soft decoder with a soft input computed from P𝑌 |… view at source ↗
Figure 3
Figure 3. Figure 3: Achievable reconciliation efficiency 𝛽 ∗ of the RRS scheme with PAM-4, for different configurations 𝐶 [𝑏] and threshold selection strategies (A/F). (A) where thresholds are adaptively selected at each SNR value to produce uniform symbol probabilities after hard decision, thus maximising the entropy 𝐻(𝑋ˆ). 3 We first consider the case of BPSK modulation (𝑀 = 2), which admits only two non-equivalent configur… view at source ↗
Figure 4
Figure 4. Figure 4: Achievable SKR for PAM-4 with different reconciliation schemes and adaptive thresholds: (a) low-rate region in log [PITH_FULL_IMAGE:figures/full_fig_p007_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: BER plots for PAM-4 and PAM-8 at 𝑅 = 1/2 and 𝑅 = 1/4. For reference, in each sub-plot we report the BER curve of the DR, as the corresponding SKR ( [PITH_FULL_IMAGE:figures/full_fig_p008_5.png] view at source ↗
read the original abstract

In continuous-variable quantum key distribution, information reconciliation is required to extract a shared secret key from correlated random variables obtained through the quantum channel. Reverse reconciliation (RR) is generally preferred, since the eavesdropper has less information about Bob's measurements than about Alice's transmitted symbols. When discrete modulation formats are employed, however, soft information is available only at Bob's side, while Alice has access only to hard information (her transmitted sequence). This forces her to rely on hard-decision decoding to recover Bob's key. In this work, we introduce a novel RR technique for PAM (and QAM) in which Bob discloses a carefully designed soft metric to help Alice recover Bob's key, while leaking no additional information about the key to an eavesdropper. We assess the performance of the proposed technique in terms of achievable secret key rate (SKR) and its bounds, showing that the achievable SKR closely approaches the upper bound, with a significant gain over hard-decision RR. Finally, we implement the scheme at the coded level using binary LDPC codes with belief-propagation decoding, assess its bit-error rate through numerical simulations, compare the observed gain with theoretical predictions from the achievable SKR, and discuss the residual gap.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 2 minor

Summary. The manuscript proposes a novel soft-decoding reverse reconciliation scheme for discrete-modulation CV-QKD using PAM/QAM. Bob transmits a carefully designed soft metric to Alice to enable recovery of his key (where Alice otherwise has only hard information), while asserting that this metric leaks no extra information to the eavesdropper beyond the standard mutual-information accounting. The authors claim the resulting achievable SKR closely approaches the upper bound and yields substantial gains over conventional hard-decision RR; these claims are supported by information-theoretic bounds and by LDPC-coded simulations with belief-propagation decoding that report BER improvements consistent with the predicted SKR advantage.

Significance. If the non-leakage property of the disclosed soft metric can be rigorously established within the CV-QKD security model, the technique would meaningfully close the performance gap between hard-decision and soft-information reconciliation in discrete-modulation systems, potentially enabling higher secret-key rates in practical implementations. The combination of an explicit metric construction, SKR analysis, and concrete LDPC simulations supplies both theoretical insight and engineering evidence.

major comments (3)
  1. [§3] §3 (Soft-metric construction): the claim that the disclosed soft metric satisfies I(key; E | metric) = I(key; E) is asserted but not accompanied by an explicit information-theoretic bound or reduction to the underlying channel model. Because the entire SKR gain and proximity to the upper bound rest on this independence, a self-contained proof or worst-case leakage bound is required.
  2. [§4] §4 (Achievable SKR derivation): the expression for the secret-key rate subtracts a leakage term that presupposes the soft metric introduces no additional correlation with the key from Eve’s viewpoint. Without a concrete verification (e.g., via the specific discrete-modulation constellation and Gaussian channel) that this term remains unchanged, the reported closeness to the upper bound cannot be confirmed.
  3. [§5] §5 (LDPC simulations): the observed BER gain over hard-decision decoding is presented as corroborating the theoretical SKR improvement, yet the residual gap to the information-theoretic bound is not decomposed into code-performance loss versus possible unaccounted leakage; this decomposition is necessary to substantiate the claim that the scheme “closely approaches” the bound.
minor comments (2)
  1. [Figures] Figure captions and axis labels should explicitly state the modulation order and SNR range used for each curve to allow direct comparison with the theoretical bounds.
  2. [Notation] Notation for mutual-information quantities (I(A;B), I(B;E), etc.) should be unified across the security analysis and simulation sections.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for the careful reading and constructive comments on our manuscript. We address each major comment below with clarifications and indicate the revisions we will make to strengthen the presentation.

read point-by-point responses

  1. Referee: [§3] §3 (Soft-metric construction): the claim that the disclosed soft metric satisfies I(key; E | metric) = I(key; E) is asserted but not accompanied by an explicit information-theoretic bound or reduction to the underlying channel model. Because the entire SKR gain and proximity to the upper bound rest on this independence, a self-contained proof or worst-case leakage bound is required.

    Authors: The soft metric is constructed as a function of Bob's observation alone using the known Gaussian channel statistics and the discrete constellation, ensuring by the data-processing inequality and the Markov chain key–Bob's measurement–metric that no additional information reaches Eve. We acknowledge that an explicit reduction was not written out in full detail. In the revised manuscript we will insert a self-contained proof deriving I(key; E | metric) = I(key; E) directly from the underlying channel model. revision: yes

  2. Referee: [§4] §4 (Achievable SKR derivation): the expression for the secret-key rate subtracts a leakage term that presupposes the soft metric introduces no additional correlation with the key from Eve’s viewpoint. Without a concrete verification (e.g., via the specific discrete-modulation constellation and Gaussian channel) that this term remains unchanged, the reported closeness to the upper bound cannot be confirmed.

    Authors: The SKR formula in Section 4 follows the standard reverse-reconciliation expression in which the leakage term is exactly I(key; E). Because the metric construction preserves this equality, the reported proximity to the upper bound holds. To satisfy the request for concrete verification we will add, in the revision, an explicit numerical evaluation of the mutual information for the PAM/QAM constellations and Gaussian noise variances used in the paper. revision: yes

  3. Referee: [§5] §5 (LDPC simulations): the observed BER gain over hard-decision decoding is presented as corroborating the theoretical SKR improvement, yet the residual gap to the information-theoretic bound is not decomposed into code-performance loss versus possible unaccounted leakage; this decomposition is necessary to substantiate the claim that the scheme “closely approaches” the bound.

    Authors: The simulated BER improvement is consistent with the information-theoretic SKR gain predicted by the soft-metric analysis. The residual gap is attributable to the finite-length LDPC codes with belief-propagation decoding, which do not achieve the Shannon limit. We will revise Section 5 to include an explicit discussion that decomposes the gap into estimated code-performance loss versus any residual leakage (the latter being zero according to the metric construction). revision: partial

Circularity Check

0 steps flagged

No significant circularity; derivation relies on external channel model and explicit non-leakage argument

full rationale

The paper's SKR calculation uses standard mutual-information expressions for discrete-modulation CV-QKD under a given channel model, with the soft metric introduced as an explicit construction whose non-leakage property is argued directly from the metric definition rather than fitted to the target SKR or reduced to a self-citation. No equation equates the achievable rate to a parameter defined by the same data, and the upper bound is treated as external. The central claim therefore remains independent of its own outputs.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Based on abstract only; no explicit free parameters, axioms, or invented entities are stated. The soft metric is a designed quantity whose information leakage properties are asserted but not derived in the provided text.

pith-pipeline@v0.9.0 · 5749 in / 1071 out tokens · 23606 ms · 2026-05-18T07:40:02.885949+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

What do these tags mean?
matches
The paper's claim is directly supported by a theorem in the formal canon.
supports
The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends
The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses
The paper appears to rely on the theorem as machinery.
contradicts
The paper's claim conflicts with a theorem or certificate in the canon.
unclear
Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

25 extracted references · 25 canonical work pages

  1. [1]

    Soft reverse reconciliation for discrete modulations,

    M. Origlia and M. Secondini, “Soft reverse reconciliation for discrete modulations,” in2025 14th International ITG Conference on Systems, Communications and Coding (SCC), 2025, pp. 1–6

    work page 2025

  2. [2]

    Advances in quantum cryptography,

    S. Pirandolaet al., “Advances in quantum cryptography,”Adv. Opt. Photon., vol. 12, no. 4, pp. 1012–1236, Dec 2020

    work page 2020

  3. [3]

    Quantum cryptography: Public key distribution and coin tossing,

    C. H. Bennett and G. Brassard, “Quantum cryptography: Public key distribution and coin tossing,”Theoretical Computer Science, vol. 560, pp. 7–11, Dec. 2014

    work page 2014

  4. [4]

    Continuous Variable Quantum Cryp- tography Using Coherent States,

    F. Grosshans and P. Grangier, “Continuous Variable Quantum Cryp- tography Using Coherent States,”Phys. Rev. Lett., vol. 88, no. 5, Jan. 2002

    work page 2002

  5. [5]

    Controlling excess noise in fiber-optics continuous- variable quantum key distribution,

    J. Lodewycket al., “Controlling excess noise in fiber-optics continuous- variable quantum key distribution,”Physical Review A, vol. 72, no. 5, art. 050303, 2005

    work page 2005

  6. [6]

    Reconciliation of a quantum- distributed gaussian key,

    G. Van Assche, J. Cardinal, and N. Cerf, “Reconciliation of a quantum- distributed gaussian key,”IEEE Transactions on Information Theory, vol. 50, no. 2, pp. 394–400, 2004

    work page 2004

  7. [7]

    Multidimensional reconciliation for a continuous- variable quantum key distribution,

    A. Leverrieret al., “Multidimensional reconciliation for a continuous- variable quantum key distribution,”Phys. Rev. A, vol. 77, no. 4, Apr. 2008

    work page 2008

  8. [8]

    Analysis of imperfections in practical continuous- variable quantum key distribution,

    P. Jouguetet al., “Analysis of imperfections in practical continuous- variable quantum key distribution,”Physical Review A—Atomic, Molec- ular, and Optical Physics, vol. 86, no. 3, art. 032309, 2012

    work page 2012

  9. [9]

    On the Discretized Gaussian Modulation (DGM)- Based Continuous Variable-QKD,

    I. B. Djordjevic, “On the Discretized Gaussian Modulation (DGM)- Based Continuous Variable-QKD,”IEEE Access, vol. 7, 2019

    work page 2019

  10. [10]

    Unconditional security proof of long- distance continuous-variable quantum key distribution with discrete modulation,

    A. Leverrier and P. Grangier, “Unconditional security proof of long- distance continuous-variable quantum key distribution with discrete modulation,”Physical review letters, vol. 102, no. 18, art. 180504, 2009

    work page 2009

  11. [11]

    Implementation of continuous-variable quantum key distribution with discrete modulation,

    T. Hiranoet al., “Implementation of continuous-variable quantum key distribution with discrete modulation,”Quantum Science and Technology, vol. 2, no. 2, art. 024010, 2017

    work page 2017

  12. [12]

    Probabilistic amplitude shaping for continuous- variable quantum key distribution with discrete modulation over a wiretap channel,

    M. N. Notarnicolaet al., “Probabilistic amplitude shaping for continuous- variable quantum key distribution with discrete modulation over a wiretap channel,”IEEE Transactions on Communications, vol. 72, no. 1, pp. 375–386, 2023

    work page 2023

  13. [13]

    Shaped constellation continuous variable quantum key distribution: Concepts, methods and experimental validation,

    F. Roumestanet al., “Shaped constellation continuous variable quantum key distribution: Concepts, methods and experimental validation,”Journal of Lightwave Technology, vol. 42, no. 15, pp. 5182–5189, 2024

    work page 2024

  14. [14]

    Ryan and S

    W. Ryan and S. Lin,Channel codes: classical and modern. Cambridge university press, 2009

    work page 2009

  15. [15]

    Quantum key distribution over 25 km with an all-fiber continuous-variable system,

    J. Lodewycket al., “Quantum key distribution over 25 km with an all-fiber continuous-variable system,”Phys. Rev. A, vol. 76, no. 4, p. 042305, Oct. 2007

    work page 2007

  16. [16]

    Theoretical study of continuous-variable quantum key distribution,

    A. Leverrier, “Theoretical study of continuous-variable quantum key distribution,” Ph.D. dissertation, Télécom ParisTech, 2009

    work page 2009

  17. [17]

    Common randomness in information theory and cryptography. I. Secret sharing,

    R. Ahlswede and I. Csiszar, “Common randomness in information theory and cryptography. I. Secret sharing,”IEEE Trans. Inform. Theory, vol. 39, no. 4, Jul. 1993

    work page 1993

  18. [18]

    Secret key agreement by public discussion from common information,

    U. Maurer, “Secret key agreement by public discussion from common information,”IEEE Trans. Inform. Theory, vol. 39, no. 3, May 1993

    work page 1993

  19. [19]

    Distillation of secret key and entanglement from quantum states,

    I. Devetak and A. Winter, “Distillation of secret key and entanglement from quantum states,”Proceedings of the Royal Society A: Mathematical, Physical and engineering sciences, vol. 461, no. 2053, pp. 207–235, 2005

    work page 2053

  20. [20]

    Casella and R

    G. Casella and R. L. Berger,Statistical inference, 2nd ed. Pacific Grove, Calif: Duxbury, 2002

    work page 2002

  21. [21]

    Re2often: (Re)verse (Re)conciliation Softening in Fortran,

    M. Origlia, “Re2often: (Re)verse (Re)conciliation Softening in Fortran,” Apr. 2025. [Online]. Available: https://doi.org/10.5281/zenodo.15222665

    work page doi:10.5281/zenodo.15222665 2025

  22. [22]

    EN 302 307-1 V1.4.1, November 2014

    European Telecommunications Standards Institute (ETSI),Digital Video Broadcasting (DVB); Second generation framing structure, channel coding and modulation systems for Broadcasting, Interactive Services, News Gathering and other broadband satellite applications; Part 1: DVB-S2, ETSI Std. EN 302 307-1 V1.4.1, November 2014

    work page 2014

  23. [23]

    Fortran LDPC decoder,

    M. Origlia, “Fortran LDPC decoder,” Apr. 2025. [Online]. Available: https://doi.org/10.5281/zenodo.15221950

    work page doi:10.5281/zenodo.15221950 2025

  24. [24]

    D. J. MacKay,Information theory, inference and learning algorithms. Cambridge university press, 2003

    work page 2003

  25. [25]

    Replacing the Soft-Decision FEC Limit Paradigm in the Design of Optical Communication Systems,

    A. Alvaradoet al., “Replacing the Soft-Decision FEC Limit Paradigm in the Design of Optical Communication Systems,”Journal of Lightwave Technology, vol. 33, no. 20, pp. 4338–4352, Oct. 2015

    work page 2015