Finite Key Security of the Extended B92 Protocol

Walter O. Krawec

arxiv: 2510.11488 · v2 · submitted 2025-10-13 · 🪐 quant-ph

Finite Key Security of the Extended B92 Protocol

Walter O. Krawec This is my paper

Pith reviewed 2026-05-18 07:37 UTC · model grok-4.3

classification 🪐 quant-ph

keywords quantum key distributionfinite key securityentropic uncertainty relationExtended B92 protocolcoherent attacksdata filteringclassical sampling

0 comments

The pith

A general entropic uncertainty relation yields the first finite-key security proof for the Extended B92 quantum key distribution protocol against coherent attacks.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper develops a method to prove security for quantum key distribution protocols that filter and reject some of their data. It starts by deriving a general entropic uncertainty relation whose bound depends on the size of one particular set that arises from a classical sampling strategy. The relation is then applied directly to the Extended B92 protocol, producing a security proof that holds for finite key lengths and against general coherent attacks. A sympathetic reader cares because real devices generate only finite amounts of data, so asymptotic proofs leave a practical gap. If the relation holds, concrete secure key rates can now be calculated for this protocol without assuming infinite resources.

Core claim

We derive a general entropic uncertainty relation for QKD protocols with data filtering and rejection. Our bound requires one to determine the size of a particular set derived from a classical sampling strategy. Finally, we show how our methods can be used to readily prove security of the Extended B92 protocol, providing, to our knowledge, the first finite key proof of security for this protocol against general, coherent, attacks.

What carries the argument

A general entropic uncertainty relation for protocols with data filtering and rejection, whose numerical bound is fixed by the size of a set obtained from classical sampling.

If this is right

Extended B92 now possesses a rigorous finite-key security proof against general coherent attacks.
Secure key rates for finite block lengths can be obtained by bounding the size of the sampling-derived set.
The same uncertainty relation applies to any other QKD protocol that uses data filtering and rejection.
Practical implementations can incorporate the new bound to set finite-length security parameters.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

The sampling-set technique may simplify finite-key analyses for other protocols that reject invalid bits.
More precise computation of the set size could raise the achievable secure rate in realistic scenarios.
The method invites direct comparison with existing finite-key proofs for BB84 or other standard protocols.

Load-bearing premise

That the size of the particular set derived from the classical sampling strategy can be computed or bounded tightly enough to produce a useful finite-key rate.

What would settle it

An explicit calculation of the set size for Extended B92 that returns a zero or negative key rate for every finite block length, or an explicit coherent attack that extracts more information than the derived bound permits.

Figures

Figures reproduced from arXiv: 2510.11488 by Walter O. Krawec.

**Figure 1.** Figure 1: Evaluating our finite key-rate result ℓ/N (Solid), where N is the total number of signals sent, and comparing to asymptotic results from [3] (Dashed). Left: Ideal devices (x = 1 in the POVM); Right: practical devices (x = cos2 θ 2 for the measurement POVMs). Here, we test θ = π/3 for various noise levels, Q. Note the change in y-axis scale between the two figures. Similar results are found for other θ, wit… view at source ↗

**Figure 2.** Figure 2: Comparing our new result (Solid) from finite key results in [4] [PITH_FULL_IMAGE:figures/full_fig_p006_2.png] view at source ↗

read the original abstract

In this paper, we derive a new proof of security for the Extended B92 QKD protocol. We derive a general entropic uncertainty relation for QKD protocols with data filtering and rejection. Our bound requires one to determine the size of a particular set derived from a classical sampling strategy. Finally, we show how our methods can be used to readily prove security of the Extended B92 protocol, providing, to our knowledge, the first finite key proof of security for this protocol against general, coherent, attacks.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

This paper gives the first finite-key security proof for Extended B92 against coherent attacks by deriving a general entropic uncertainty relation for filtering protocols, but leaves the key practical step of bounding the sampling set size without explicit evaluation or rate numbers.

read the letter

This paper gives the first finite-key security proof for the Extended B92 protocol against coherent attacks. It reaches that result by deriving a general entropic uncertainty relation that covers QKD protocols with data filtering and rejection steps. The relation reduces security to bounding the cardinality of one set produced by the classical sampling strategy, then applies the framework to Extended B92 and states that the methods work readily for this case. The general relation itself is the clearest new piece. It extends existing entropic tools to protocols that discard or filter data, which is a reasonable direction given how many practical QKD schemes include rejection. The write-up is direct about the reduction and keeps the focus on the finite-key corrections that matter for real implementations. The soft spot is exactly where the stress-test note points. The final bound is only useful if that sampling-derived set is small enough that the min-entropy lower bound, after finite-size terms, still produces a positive key rate at realistic block lengths and observed error rates. The manuscript does not supply an explicit computation, closed-form bound, or numerical example for the Extended B92 sampling set. Without that step shown, the security claim stays conditional rather than demonstrated. The abstract says the methods can be used to prove security, but readers still have to do the cardinality work themselves to see whether the rates are practical. This paper is mainly for specialists who already work on finite-key proofs in quantum cryptography and who need a security argument for this particular protocol or who want to reuse the general relation on other filtering schemes. Most other readers can pass. The math is grounded and the engagement with the literature looks honest, so the paper deserves a serious referee even though the practical verification step would benefit from more detail in revision. I would send it out for peer review.

Referee Report

2 major / 2 minor

Summary. The paper derives a general entropic uncertainty relation applicable to QKD protocols that incorporate data filtering and rejection steps. This relation reduces finite-key security analysis to the problem of bounding the cardinality of one specific set obtained from a classical sampling strategy. The authors then apply the relation to the Extended B92 protocol and claim to obtain the first finite-key security proof against general coherent attacks.

Significance. If the central derivation holds and the sampling-set cardinality can be bounded tightly enough to yield positive rates, the work supplies a reusable tool for finite-key proofs in rejection-based protocols and delivers the first such proof for Extended B92. The absence of an explicit numerical evaluation or closed-form bound for the B92 sampling set, however, leaves the practical security statement conditional rather than fully demonstrated.

major comments (2)

[§4] §4 (application to Extended B92): the manuscript asserts that the new relation 'can be used to readily prove security' but supplies neither an explicit computation nor a closed-form upper bound on the cardinality of the sampling-derived set that enters the min-entropy lower bound. Without this step the finite-key rate remains formally defined but numerically unverified for realistic block lengths and observed error rates.
[§3] General entropic uncertainty relation (likely Eq. (main result) in §3): the bound is stated to depend on the size of one particular set produced by the classical sampling strategy, yet the tightness of this reduction for the specific filtering and rejection rules of Extended B92 is not quantified, leaving open whether the resulting key rate is positive after finite-size corrections.

minor comments (2)

Notation for the sampling set and its cardinality should be introduced once and used consistently; the current presentation alternates between descriptive phrases and symbols without a clear definition table.
The abstract and introduction both claim 'the first finite key proof'; a brief comparison paragraph with prior infinite-key or asymptotic analyses of B92 would strengthen this claim.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their careful reading of the manuscript and for the constructive comments. We address the major comments point by point below, clarifying the scope of our results while agreeing to strengthen the presentation of the Extended B92 application where feasible.

read point-by-point responses

Referee: [§4] §4 (application to Extended B92): the manuscript asserts that the new relation 'can be used to readily prove security' but supplies neither an explicit computation nor a closed-form upper bound on the cardinality of the sampling-derived set that enters the min-entropy lower bound. Without this step the finite-key rate remains formally defined but numerically unverified for realistic block lengths and observed error rates.

Authors: The manuscript reduces the finite-key security of Extended B92 to the problem of upper-bounding the cardinality of one specific set arising from the classical sampling strategy that encodes the protocol's filtering and rejection rules. This reduction is explicit in Section 4, where we show that the min-entropy term is bounded by the logarithm of that cardinality. While we do not include numerical evaluations or closed-form expressions for concrete block lengths in the current version (the emphasis being on the general technique), we agree that such an illustration would make the result more immediately usable. In the revised manuscript we will add a short subsection providing a combinatorial upper bound on the set cardinality together with numerical key-rate curves for representative parameters (e.g., n ≈ 10^6 and observed error rates of a few percent), confirming positive rates after finite-size corrections. revision: yes
Referee: [§3] General entropic uncertainty relation (likely Eq. (main result) in §3): the bound is stated to depend on the size of one particular set produced by the classical sampling strategy, yet the tightness of this reduction for the specific filtering and rejection rules of Extended B92 is not quantified, leaving open whether the resulting key rate is positive after finite-size corrections.

Authors: The entropic uncertainty relation is formulated so that the filtering and rejection steps of any protocol, including Extended B92, are fully captured by the definition of the sampling set; the resulting bound on the smooth min-entropy is therefore tight with respect to that set. For Extended B92 the set consists of all bit strings consistent with the observed sifted statistics after the protocol-specific rejection test. Its cardinality can be bounded using standard concentration inequalities on the sampling procedure, which is already indicated in the application section. The finite-size correction therefore vanishes asymptotically, recovering the known positive asymptotic rate of Extended B92. We will expand the discussion in the revision to include a brief comparison of the finite-size term with the asymptotic limit, thereby quantifying that the rate remains positive for practical block sizes once the set cardinality is bounded. revision: partial

Circularity Check

0 steps flagged

Derivation of general entropic uncertainty relation is self-contained; no circular reductions identified.

full rationale

The paper derives a new general entropic uncertainty relation applicable to QKD protocols with data filtering and rejection. This relation is formulated such that security reduces to determining the cardinality of a specific set arising from the classical sampling strategy, which is presented as an independent computational task rather than something defined in terms of the final bound. The application to the Extended B92 protocol is shown by invoking this general relation to obtain a finite-key security statement against coherent attacks, without any step that renames a fitted input as a prediction, imports uniqueness via self-citation in a load-bearing manner, or reduces the claimed result to its own inputs by construction. The derivation chain remains independent of any prior self-references, and the central result has content beyond minor citations.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The paper relies on standard quantum information axioms for entropic uncertainty relations and introduces a new general relation whose validity depends on correctly bounding a sampling-derived set.

axioms (1)

standard math Standard axioms of quantum mechanics and information theory underlying entropic uncertainty relations
Invoked throughout the derivation of the general relation for protocols with filtering and rejection.

pith-pipeline@v0.9.0 · 5595 in / 1161 out tokens · 28168 ms · 2026-05-18T07:37:08.716244+00:00 · methodology

discussion (0)

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

IndisputableMonolith/Cost/FunctionalEquation.lean washburn_uniqueness_aczel unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

Our main result... ℓ = min_{c0≥n0} [c0·c − log2 γ(Ψ,S,c0)] − λ_EC − 2 log 1/√ϵ_cl_δ (Theorem 2)
IndisputableMonolith/Foundation/RealityFromDistinction.lean reality_from_one_distinction unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

quantum sampling framework of Bouman and Fehr... G^t_δ = {q : max |g_j(q_t) − τ_j(q_{-t})| ≤ δ}

What do these tags mean?

matches: The paper's claim is directly supported by a theorem in the formal canon.
supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses: The paper appears to rely on the theorem as machinery.
contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

12 extracted references · 12 canonical work pages

[1]

Sampling in a quantum population, and applications

Niek J Bouman and Serge Fehr. Sampling in a quantum population, and applications. InAnnual Cryptology Conference, pages 724–741. Springer, 2010

work page 2010
[2]

Quantum sampling for finite key rates in high dimensional quantum cryptography.IEEE Transactions on Information Theory, 68(5):3144–3163, 2022

Keegan Yao, Walter O Krawec, and Jiadong Zhu. Quantum sampling for finite key rates in high dimensional quantum cryptography.IEEE Transactions on Information Theory, 68(5):3144–3163, 2022

work page 2022
[3]

Robust unconditionally secure quantum key distribution with two nonorthogonal and uninformative states.Physical Review A—Atomic, Molecular , and Optical Physics, 80(3):032327, 2009

Marco Lucamarini, Giovanni Di Giuseppe, and Kiyoshi Tamaki. Robust unconditionally secure quantum key distribution with two nonorthogonal and uninformative states.Physical Review A—Atomic, Molecular , and Optical Physics, 80(3):032327, 2009

work page 2009
[4]

Finite key analysis of the extended b92 protocol

Omar Amer and Walter O Krawec. Finite key analysis of the extended b92 protocol. In2020 IEEE International Symposium on Information Theory (ISIT), pages 1944–1948. IEEE, 2020

work page 1944
[5]

Security of quantum key distribution.International Journal of Quantum Information, 6(01):1–127, 2008

Renato Renner. Security of quantum key distribution.International Journal of Quantum Information, 6(01):1–127, 2008

work page 2008
[6]

The operational meaning of min-and max-entropy.IEEE Transactions on Information theory, 55(9):4337–4347, 2009

Robert Konig, Renato Renner, and Christian Schaffner. The operational meaning of min-and max-entropy.IEEE Transactions on Information theory, 55(9):4337–4347, 2009

work page 2009
[7]

New key rate bound for high- dimensional bb84 with multiple basis measurements.To appear: Proc IEEE QCE 2025

Trevor N Thomas and Walter O Krawec. New key rate bound for high- dimensional bb84 with multiple basis measurements.To appear: Proc IEEE QCE 2025. arXiv preprint arXiv:2504.11315, 2025

work page arXiv 2025
[8]

Tight finite-key analysis for quantum cryptography.Nature communications, 3(1):634, 2012

Marco Tomamichel, Charles Ci Wen Lim, Nicolas Gisin, and Renato Renner. Tight finite-key analysis for quantum cryptography.Nature communications, 3(1):634, 2012

work page 2012
[9]

Quantum cryptography using any two nonorthogonal states.Physical review letters, 68(21):3121, 1992

Charles H Bennett. Quantum cryptography using any two nonorthogonal states.Physical review letters, 68(21):3121, 1992

work page 1992
[10]

Quantum cryptography.Progress in optics, 49:381–454, 2006

Miloslav Du ˇsek, Norbert L ¨utkenhaus, and Martin Hendrych. Quantum cryptography.Progress in optics, 49:381–454, 2006

work page 2006
[11]

Advanced unambiguous state discrimination attack and countermeasure strategy in a practical b92 qkd system.Quantum Information Processing, 17(1):17, 2018

Heasin Ko, Byung-Seok Choi, Joong-Seon Choe, and Chun Ju Youn. Advanced unambiguous state discrimination attack and countermeasure strategy in a practical b92 qkd system.Quantum Information Processing, 17(1):17, 2018

work page 2018
[12]

Secret key agreement by public discussion from com- mon information.IEEE transactions on information theory, 39(3):733– 742, 2002

Ueli M Maurer. Secret key agreement by public discussion from com- mon information.IEEE transactions on information theory, 39(3):733– 742, 2002

work page 2002

[1] [1]

Sampling in a quantum population, and applications

Niek J Bouman and Serge Fehr. Sampling in a quantum population, and applications. InAnnual Cryptology Conference, pages 724–741. Springer, 2010

work page 2010

[2] [2]

Quantum sampling for finite key rates in high dimensional quantum cryptography.IEEE Transactions on Information Theory, 68(5):3144–3163, 2022

Keegan Yao, Walter O Krawec, and Jiadong Zhu. Quantum sampling for finite key rates in high dimensional quantum cryptography.IEEE Transactions on Information Theory, 68(5):3144–3163, 2022

work page 2022

[3] [3]

Robust unconditionally secure quantum key distribution with two nonorthogonal and uninformative states.Physical Review A—Atomic, Molecular , and Optical Physics, 80(3):032327, 2009

Marco Lucamarini, Giovanni Di Giuseppe, and Kiyoshi Tamaki. Robust unconditionally secure quantum key distribution with two nonorthogonal and uninformative states.Physical Review A—Atomic, Molecular , and Optical Physics, 80(3):032327, 2009

work page 2009

[4] [4]

Finite key analysis of the extended b92 protocol

Omar Amer and Walter O Krawec. Finite key analysis of the extended b92 protocol. In2020 IEEE International Symposium on Information Theory (ISIT), pages 1944–1948. IEEE, 2020

work page 1944

[5] [5]

Security of quantum key distribution.International Journal of Quantum Information, 6(01):1–127, 2008

Renato Renner. Security of quantum key distribution.International Journal of Quantum Information, 6(01):1–127, 2008

work page 2008

[6] [6]

The operational meaning of min-and max-entropy.IEEE Transactions on Information theory, 55(9):4337–4347, 2009

Robert Konig, Renato Renner, and Christian Schaffner. The operational meaning of min-and max-entropy.IEEE Transactions on Information theory, 55(9):4337–4347, 2009

work page 2009

[7] [7]

New key rate bound for high- dimensional bb84 with multiple basis measurements.To appear: Proc IEEE QCE 2025

Trevor N Thomas and Walter O Krawec. New key rate bound for high- dimensional bb84 with multiple basis measurements.To appear: Proc IEEE QCE 2025. arXiv preprint arXiv:2504.11315, 2025

work page arXiv 2025

[8] [8]

Tight finite-key analysis for quantum cryptography.Nature communications, 3(1):634, 2012

Marco Tomamichel, Charles Ci Wen Lim, Nicolas Gisin, and Renato Renner. Tight finite-key analysis for quantum cryptography.Nature communications, 3(1):634, 2012

work page 2012

[9] [9]

Quantum cryptography using any two nonorthogonal states.Physical review letters, 68(21):3121, 1992

Charles H Bennett. Quantum cryptography using any two nonorthogonal states.Physical review letters, 68(21):3121, 1992

work page 1992

[10] [10]

Quantum cryptography.Progress in optics, 49:381–454, 2006

Miloslav Du ˇsek, Norbert L ¨utkenhaus, and Martin Hendrych. Quantum cryptography.Progress in optics, 49:381–454, 2006

work page 2006

[11] [11]

Advanced unambiguous state discrimination attack and countermeasure strategy in a practical b92 qkd system.Quantum Information Processing, 17(1):17, 2018

Heasin Ko, Byung-Seok Choi, Joong-Seon Choe, and Chun Ju Youn. Advanced unambiguous state discrimination attack and countermeasure strategy in a practical b92 qkd system.Quantum Information Processing, 17(1):17, 2018

work page 2018

[12] [12]

Secret key agreement by public discussion from com- mon information.IEEE transactions on information theory, 39(3):733– 742, 2002

Ueli M Maurer. Secret key agreement by public discussion from com- mon information.IEEE transactions on information theory, 39(3):733– 742, 2002

work page 2002