arxiv: 2604.21791 · v1 · submitted 2026-04-23 · 🪐 quant-ph

Recognition: unknown

Rigorous Security Proofs for Practical Quantum Key Distribution

Devashish Tupkary

Authors on Pith no claims yet

Pith reviewed 2026-05-09 22:31 UTC · model grok-4.3

classification 🪐 quant-ph

keywords quantum key distributionsecurity proofpostselection techniqueentropy accumulationvariable-length QKDcollective attackscoherent attacksphase error rate

0 comments

The pith

Security for variable-length QKD protocols against collective and coherent attacks is rigorously proven by fixing a flaw in postselection.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper establishes security proofs for practical quantum key distribution. It shows that variable-length protocols are secure against independent identically distributed collective attacks. This security is extended to coherent attacks by placing the postselection technique on a rigorous footing. Methods are developed to bound phase error rates using only observed statistics even with imperfect detectors. A general analysis framework based on the marginal-constrained entropy accumulation theorem allows adaptation to practical imperfections and side channels.

Core claim

We establish a security proof for variable-length QKD protocols against IID collective attacks, and extend this result to coherent attacks using the postselection technique. In doing so, we resolve a long-standing flaw in the application of the postselection technique to QKD, thereby placing it on a rigorous mathematical footing. We also develop a method to bound phase error rates using only the observed statistics, even when detectors are imperfect.

What carries the argument

The postselection technique, corrected for rigorous application to QKD, combined with the marginal-constrained entropy accumulation theorem for bounding security under practical conditions.

If this is right

Variable-length protocols become provably secure without assuming fixed lengths.
Phase error bounds apply to realistic imperfect detectors without identical behavior assumptions.
Security analysis can incorporate side channels and imperfections via the general framework.
QKD protocols remain secure under realistic authentication with only minor modifications.
The unified notation allows consistent comparison across different security proof frameworks.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

This could facilitate the design of adaptive QKD systems that adjust key lengths based on channel conditions.
The corrected postselection approach may strengthen security proofs in other areas of quantum cryptography.
Experimental implementations could use the phase error bounding method to certify security without perfect detector characterization.

Load-bearing premise

The quantum channel models and marginal constraints in the entropy accumulation theorem must correctly describe all relevant physical side channels in the implementation.

What would settle it

Observation of a physical side channel in a QKD experiment that allows key information leakage beyond what the marginal constraints predict, despite the protocol satisfying the security criteria.

Figures

Figures reproduced from arXiv: 2604.21791 by Devashish Tupkary.

**Figure 2.1.** Figure 2.1: Schematic of a beam splitter with two input ports (left and bottom) and two [PITH_FULL_IMAGE:figures/full_fig_p052_2_1.png] view at source ↗

**Figure 2.2.** Figure 2.2: Idealized polarizing beam splitter (PBS) that routes the horizontal and vertical [PITH_FULL_IMAGE:figures/full_fig_p052_2_2.png] view at source ↗

**Figure 2.3.** Figure 2.3: Schematic of a threshold (on/off) detector. In the imperfect model, [PITH_FULL_IMAGE:figures/full_fig_p053_2_3.png] view at source ↗

**Figure 3.1.** Figure 3.1: Schematic of a quantum key distribution (QKD) protocol. The task is to [PITH_FULL_IMAGE:figures/full_fig_p057_3_1.png] view at source ↗

**Figure 3.2.** Figure 3.2: Schematic of an active detection setup using threshold detectors. [PITH_FULL_IMAGE:figures/full_fig_p071_3_2.png] view at source ↗

**Figure 3.3.** Figure 3.3: Schematic of the passive detection setup using theshold detectors. [PITH_FULL_IMAGE:figures/full_fig_p072_3_3.png] view at source ↗

**Figure 3.4.** Figure 3.4: Schematic illustrating the use of a source map. A virtual source prepares ( [PITH_FULL_IMAGE:figures/full_fig_p083_3_4.png] view at source ↗

**Figure 3.5.** Figure 3.5: An infinite-dimensional POVM can be modelled as a squashing map Λ followed [PITH_FULL_IMAGE:figures/full_fig_p087_3_5.png] view at source ↗

**Figure 4.1.** Figure 4.1: Expected key rate for fixed-length protocols [PITH_FULL_IMAGE:figures/full_fig_p114_4_1.png] view at source ↗

**Figure 4.2.** Figure 4.2: Expected key rate for fixed-length protocols [PITH_FULL_IMAGE:figures/full_fig_p116_4_2.png] view at source ↗

**Figure 4.3.** Figure 4.3: Key rate for variable-length decoy-state BB84 protocol plotted against loss, for [PITH_FULL_IMAGE:figures/full_fig_p118_4_3.png] view at source ↗

**Figure 5.1.** Figure 5.1: Key rate for variable-length qubit BB84 protocol plotted against loss, with and [PITH_FULL_IMAGE:figures/full_fig_p147_5_1.png] view at source ↗

**Figure 5.2.** Figure 5.2: Key rate for variable-length decoy-state BB84 protocol plotted against loss, [PITH_FULL_IMAGE:figures/full_fig_p148_5_2.png] view at source ↗

**Figure 6.1.** Figure 6.1: Schematic for the two-step measurement procedure from Lemma [PITH_FULL_IMAGE:figures/full_fig_p162_6_1.png] view at source ↗

**Figure 6.2.** Figure 6.2: Protocol flowchart for the equivalent protocol from Section [PITH_FULL_IMAGE:figures/full_fig_p193_6_2.png] view at source ↗

**Figure 6.3.** Figure 6.3: Protocol flowchart for the equivalent protocol from Section [PITH_FULL_IMAGE:figures/full_fig_p194_6_3.png] view at source ↗

**Figure 6.4.** Figure 6.4: Finite-size key rates in the presence of basis-efficiency mismatch, for the decoy [PITH_FULL_IMAGE:figures/full_fig_p195_6_4.png] view at source ↗

**Figure 6.5.** Figure 6.5: Finite-size key rates in the presence of basis-efficiency mismatch, for the decoy [PITH_FULL_IMAGE:figures/full_fig_p196_6_5.png] view at source ↗

**Figure 6.6.** Figure 6.6: Finite-size key rates in the presence of basis-efficiency mismatch, for the decoy [PITH_FULL_IMAGE:figures/full_fig_p197_6_6.png] view at source ↗

**Figure 7.1.** Figure 7.1: The evolution of the state through Eve’s attack channels [PITH_FULL_IMAGE:figures/full_fig_p220_7_1.png] view at source ↗

**Figure 7.2.** Figure 7.2: (Same as Fig [PITH_FULL_IMAGE:figures/full_fig_p229_7_2.png] view at source ↗

**Figure 7.3.** Figure 7.3: Key rate for variable-length qubit BB84 protocol plotted against loss, using [PITH_FULL_IMAGE:figures/full_fig_p247_7_3.png] view at source ↗

**Figure 7.4.** Figure 7.4: Key rate for the variable-length decoy-state BB84 protocol plotted as a function [PITH_FULL_IMAGE:figures/full_fig_p248_7_4.png] view at source ↗

**Figure 8.1.** Figure 8.1: The practical authenticated classical communication model used in this chapter. [PITH_FULL_IMAGE:figures/full_fig_p259_8_1.png] view at source ↗

**Figure 8.2.** Figure 8.2: Schematic of AuthPP Protocol described in Section 8.2.3. Alice and Bob first update their key registers based on whether they received an auth-abort in any of the prior communication. They then communicate their tentatively accept / abort decisions. They then perform a final update operation on their key registers depending on their final accept / abort decision. 3. In APP 5 and APP 6, Alice and Bob use … view at source ↗

**Figure 8.3.** Figure 8.3: A diagram illustrating transformations between real and ideal states [PITH_FULL_IMAGE:figures/full_fig_p268_8_3.png] view at source ↗

**Figure 8.4.** Figure 8.4: For every operation that Eve performs in the virtual authentication setting, [PITH_FULL_IMAGE:figures/full_fig_p278_8_4.png] view at source ↗

**Figure 8.5.** Figure 8.5: Schematic of del-AuthPP Protocol described in Section 8.4.1. Alice and Bob first communicate and verify transcripts. If transcripts matches, they accept the protocol. Else, they abort the protocol and replace their key registers with ⊥s. dAPP 2 If Bob receives an auth-abort, he sends an abort message to Alice. Otherwise, he checks whether the received transcript matches his own. That is, he verifies that… view at source ↗

**Figure 9.1.** Figure 9.1: Key rate for the variable-length decoy-state BB84 protocol plotted as a function [PITH_FULL_IMAGE:figures/full_fig_p286_9_1.png] view at source ↗

read the original abstract

This thesis is concerned with rigorous security analyses of practical Quantum Key Distribution (QKD) protocols, using a variety of modern proof techniques. The main results are as follows. First, we establish a security proof for variable-length QKD protocols against IID collective attacks, and extend this result to coherent attacks using the postselection technique. In doing so, we resolve a long-standing flaw in the application of the postselection technique to QKD, thereby placing it on a rigorous mathematical footing. Second, we develop a method to bound phase error rates in entropic uncertainty relation-based and phase error rate-based proofs, using only the observed statistics of the protocol, even when detectors are imperfect and only approximately characterized. This removes a key assumption of identical detector behaviour and enables these techniques to be applied in realistic settings. Third, we present a very general security analysis based on the marginal-constrained entropy accumulation theorem. The resulting framework can be readily adapted to practical imperfections and side channels, and is suitable for certification efforts. Finally, we show that the security of QKD protocols under realistic authentication assumptions can be reduced to the standard idealized setting, where authentication is assumed to behave honestly, with only minor protocol modifications. A distinctive feature of this thesis is its unified presentation of several major QKD security proof frameworks using consistent protocol descriptions and notation. Consequently, this thesis is intended not only as a collection of new technical results, but also as a useful reference for understanding rigorous security analysis in quantum key distribution.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

This thesis fixes the postselection flaw for QKD and gives observed-statistics phase-error bounds that work with imperfect detectors.

read the letter

The main advance is a corrected application of the postselection technique that places security proofs for variable-length QKD on firmer ground, plus a phase-error bound derived only from observed statistics even when detectors are imperfect and only roughly characterized. The author also supplies a marginal-constrained entropy accumulation framework that adapts to side channels and shows how realistic authentication reduces to the usual idealized case with small protocol changes. The consistent notation across proof methods is a practical help for anyone comparing approaches. These pieces address documented gaps in applying theory to hardware that is already being built. The work draws on standard tools, so the contribution lies in the careful repair and the new bounding method rather than new machinery. The derivations appear to close the reductions without circularity or hidden fitting, and the modeling assumptions are stated explicitly enough to check. Minor soft spots remain around how well the channel models capture actual side channels in a given implementation, but that is inherent to any QKD proof and not a flaw in the logic here. This is written for researchers doing security analysis and for groups working on certification or standardization. A reader who needs rigorous statements for variable-length protocols or imperfect detectors will get usable technical steps. It deserves a serious referee because the claims are concrete, the fixes target real prior issues, and the frameworks are set up for adaptation rather than abstract generality.

Referee Report

0 major / 4 minor

Summary. This thesis develops rigorous security analyses for practical QKD protocols. It proves security for variable-length protocols against IID collective attacks and extends the result to coherent attacks via a corrected postselection technique that resolves a prior flaw. It introduces a method to bound phase-error rates from observed statistics alone, even with imperfect and only approximately characterized detectors. It supplies a general framework based on the marginal-constrained entropy accumulation theorem that accommodates realistic imperfections and side channels. Finally, it reduces the security of protocols under realistic authentication assumptions to the standard idealized honest-authentication setting via minor protocol modifications. The work unifies several major QKD proof techniques under consistent protocol descriptions and notation.

Significance. If the derivations hold, the thesis makes a substantial contribution by placing practical QKD security on firmer mathematical ground. The resolution of the postselection flaw, the phase-error bounding technique that removes the identical-detector assumption, and the marginal-constrained entropy accumulation framework are directly usable for certification. The unified presentation with consistent notation is a clear strength and will serve as a reference. The reduction of realistic authentication to the idealized case is a useful practical result. These elements collectively advance the field beyond abstract proofs toward analyses that incorporate real-device imperfections.

minor comments (4)

The abstract and introduction state that the postselection flaw is resolved, but a concise, self-contained statement of the original flaw (e.g., the precise mathematical step that was previously unjustified) and the exact correction applied would improve readability for readers who are not already experts in the postselection literature.
In the phase-error bounding section, the transition from observed statistics to the phase-error bound under imperfect detectors should include an explicit statement of all modeling assumptions (e.g., the precise form of the detector response functions and any truncation of higher-order terms) so that the bound can be reproduced from the given data alone.
The marginal-constrained entropy accumulation framework is presented as readily adaptable; an additional short subsection or appendix that walks through the adaptation steps for one concrete side-channel example (e.g., a specific detector efficiency mismatch) would make the claim more concrete and easier to verify.
Notation for the variable-length protocol (e.g., the definition of the length-dependent security parameter and the postselection map) is introduced gradually; a single consolidated table or figure summarizing all symbols and their dependencies would reduce cross-referencing.

Simulated Author's Rebuttal

0 responses · 0 unresolved

We thank the referee for the positive assessment of our thesis and for recommending minor revision. The provided summary accurately reflects the main technical contributions, including the resolution of the postselection flaw, the phase-error bounding method, the marginal-constrained entropy accumulation framework, and the authentication reduction.

Circularity Check

0 steps flagged

No significant circularity detected

full rationale

The thesis constructs security proofs for variable-length QKD by applying standard tools from the literature (entropy accumulation theorem with explicit marginal constraints, postselection technique with a corrected reduction, entropic uncertainty relations, and observed-statistics phase-error bounds) to new protocol settings and realistic imperfections. All central claims are reductions from these externally established methods to the target security statements; no derivation step reduces by construction to a fitted parameter, self-referential definition, or load-bearing self-citation whose validity depends on the present work. The unified notation and consistent protocol descriptions are presentational aids, not circular inputs. The authentication reduction and detector-imperfection handling likewise rely on explicit modeling assumptions that remain falsifiable outside the fitted values.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

Abstract-only review supplies no explicit free parameters, invented entities, or ad-hoc axioms; the work is described as building on standard quantum information theory and existing QKD proof frameworks.

axioms (2)

standard math Standard axioms of quantum mechanics and finite-dimensional Hilbert-space information theory
All security statements presuppose the usual quantum-mechanical description of states, measurements, and channels.
domain assumption Applicability of the entropy accumulation theorem under marginal constraints
The general security framework invokes this theorem as a black-box tool.

pith-pipeline@v0.9.0 · 5557 in / 1438 out tokens · 39241 ms · 2026-05-09T22:31:22.373339+00:00 · methodology

discussion (0)

Reference graph

Works this paper leans on

184 extracted references · 137 canonical work pages · 2 internal anchors

[1]

Tan, and Norbert L¨ utkenhaus

Devashish Tupkary, Ernest Y.-Z. Tan, and Norbert L¨ utkenhaus. Security proof for variable-length quantum key distribution.Physical Review Research, 6(2):023002, April 2024.doi:10.1103/PhysRevResearch.6.023002

work page doi:10.1103/physrevresearch.6.023002 2024
[2]

Phase error rate estimation in QKD with imperfect detectors.Quantum, 9:1937, December 2025

Devashish Tupkary, Shlok Nahar, Pulkit Sinha, and Norbert L¨ utkenhaus. Phase error rate estimation in QKD with imperfect detectors.Quantum, 9:1937, December 2025. doi:10.22331/q-2025-12-11-1937

work page doi:10.22331/q-2025-12-11-1937 1937
[3]

Devashish Tupkary, Shlok Nahar, Amir Arqand, Ernest Y. Z. Tan, and Norbert L¨ utkenhaus. A rigorous and complete security proof of decoy-state BB84 quantum key distribution, 2026. URL: https://arxiv.org/abs/2601.18035, arXiv:2601.18035

work page arXiv 2026
[4]

Devashish Tupkary, Shlok Nahar, and Ernest Y. Z. Tan. Authentication in security proofs for quantum key distribution, 2026. URL: https://arxiv.org/abs/2601. 17960,arXiv:2601.17960

work page arXiv 2026
[5]

Shlok Nahar, Devashish Tupkary, Yuming Zhao, Norbert L¨ utkenhaus, and Ernest Y.-Z. Tan. Postselection Technique for Optical Quantum Key Distribution with Improved de Finetti Reductions.PRX Quantum, 5(4):040315, October 2024. doi: 10.1103/PRXQuantum.5.040315

work page doi:10.1103/prxquantum.5.040315 2024
[6]

Improved finite-size effects in quantum key distribution with applications to decoy-state protocols.Phys

Lars Kamin, Devashish Tupkary, and Norbert L¨ utkenhaus. Improved finite-size effects in quantum key distribution with applications to decoy-state protocols.Phys. Rev. Res., 8:013332, Mar 2026. URL: https://link.aps.org/doi/10.1103/48xf-my6t, doi:10.1103/48xf-my6t

work page doi:10.1103/48xf-my6t 2026
[7]

Devashish Tupkary, Ernest Y. Z. Tan, Shlok Nahar, Lars Kamin, and Norbert L¨ utkenhaus. Qkd security proofs for decoy-state bb84: protocol variations, proof techniques, gaps and limitations, 2025. URL: https://arxiv.org/abs/2502.10340, arXiv:2502.10340. 266

work page arXiv 2025
[8]

Open QKD Security: Version 2.1.0, December 2024

John Burniston, Wenyuan Wang, Lars Kamin, Jie Lin, Patrick Coles, Eric Metodiev, Ian George, Nicky Kai Hong Li, Kun Fang, Max Chemtov, Yanbao Zhang, Christopher B¨ ohm, Adam Winick, Thomas van Himbeeck, Scott Johnstun, Shlok Nahar, Devashish Tupkary, Shihong Pan, Zhiyao Wang, Aodhan Corrigan, Florian Kanitschar, Laura Gracie, Shouzhen Gu, Natansh Mathur, ...

work page doi:10.5281/zenodo.14262569 2024
[9]

Lars Kamin, John Burniston, and Ernest Y.-Z. Tan. R´ enyi security framework against coherent attacks applied to decoy-state QKD, April 2025. arXiv:2504.12248 [quant-ph]. URL:http://arxiv.org/abs/2504.12248,doi:10.48550/arXiv.2504.12248

work page doi:10.48550/arxiv.2504.12248 2025
[10]

A brief history of cryptography, 2023

Red Hat. A brief history of cryptography, 2023. [Accessed 25-12-2025]. URL: https://www.redhat.com/en/blog/brief-history-cryptography

2023
[11]

C. E. Shannon. Communication theory of secrecy systems.The Bell System Technical Journal, 28(4):656–715, 1949.doi:10.1002/j.1538-7305.1949.tb00928.x

work page doi:10.1002/j.1538-7305.1949.tb00928.x 1949
[12]

New directions in cryptography , Volume =

W. Diffie and M. Hellman. New directions in cryptography.IEEE Transactions on Information Theory, 22(6):644–654, 1976.doi:10.1109/TIT.1976.1055638

work page doi:10.1109/tit.1976.1055638 1976
[13]

R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems.Commun. ACM, 21(2):120–126, February 1978. doi: 10.1145/359340.359342

work page doi:10.1145/359340.359342 1978
[14]

Lenstra, Walter Lioen, Peter L

Stefania Cavallar, Bruce Dodson, Arjen K. Lenstra, Walter Lioen, Peter L. Mont- gomery, Brian Murphy, Herman Te Riele, Karen Aardal, Jeff Gilchrist, G´ erard Guillerm, Paul Leyland, Jo¨ el Marchand, Fran¸ cois Morain, Alec Muffett, Chris Put- nam, Craig Putnam, and Paul Zimmermann. Factorization of a 512-bit rsa modulus. InProceedings of the 19th Internat...

work page doi:10.1007/3-540-45539-6_1 2000
[15]

Advanced encryption standard (aes)

National Institute of Standards and Technology. Advanced encryption standard (aes). Technical Report FIPS PUB 197, National Institute of Standards and Technology, Washington, DC, 2001. Accessed: 2026-04-07. URL: https://nvlpubs.nist.gov/ nistpubs/FIPS/NIST.FIPS.197.pdf

2001
[16]

Peter W. Shor. Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer.SIAM Journal on Computing, 26(5):1484–1509, October 1997. URL: http://dx.doi.org/10.1137/S0097539795293172, doi:10. 1137/s0097539795293172. 267

work page doi:10.1137/s0097539795293172 1997
[17]

Nist releases first 3 finalized post-quantum encryption standards, 2024

National Institute of Standards and Technology. Nist releases first 3 finalized post-quantum encryption standards, 2024. [Accessed 25- 12-2025]. URL: https://www.nist.gov/news-events/news/2024/08/ nist-releases-first-3-finalized-post-quantum-encryption-standards

2024
[18]

C. H. Bennett and G. Brassard. Quantum cryptography: Public key distribution and coin tossing. InProceedings of IEEE International Conference on Computers, Systems and Signal Processing, volume 560, pages 175–179, Bangalore, India, 1984. IEEE. URL: http://dx.doi.org/10.1016/j.tcs.2014.05.025, doi:10.1016/j. tcs.2014.05.025

work page doi:10.1016/j.tcs.2014.05.025 1984
[19]

Renner and R

Renato Renner and Ramona Wolf. The debate over qkd: A rebuttal to the nsa’s objections, 2023. URL:https://arxiv.org/abs/2307.15116,arXiv:2307.15116

work page arXiv 2023
[20]

Springer Berlin Heidelberg, 2010

Douglas Stebila, Michele Mosca, and Norbert L¨ utkenhaus.The Case for Quantum Key Distribution, page 283–296. Springer Berlin Heidelberg, 2010. URL: http://dx.doi. org/10.1007/978-3-642-11731-2_35,doi:10.1007/978-3-642-11731-2_35

work page doi:10.1007/978-3-642-11731-2_35 2010
[21]

Position paper on quantum key distribution

ANSSI, BSI, NLNCSA, Swedish National Communications Security Authority, and Swedish Armed Forces. Position paper on quantum key distribution. Technical report, ANSSI, BSI, NLNCSA, Swedish NCSA, January 2024. [Accessed 07-04- 2026]. URL: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Crypto/ Quantum_Positionspapier.pdf

2024
[22]

Bernstein and Tanja Lange

Daniel J. Bernstein and Tanja Lange. Post-quantum cryptography.Na- ture, 549(7671):188–194, September 2017. URL: http://dx.doi.org/10.1038/ nature23461,doi:10.1038/nature23461

work page doi:10.1038/nature23461 2017
[23]

Quantum key distribution (qkd) and quantum cryptography (qc), 2023

National Security Agency. Quantum key distribution (qkd) and quantum cryptography (qc), 2023. [Accessed 25-12-2025]. URL: https://www.nsa.gov/Cybersecurity/ Quantum-Key-Distribution-QKD-and-Quantum-Cryptography-QC/

2023
[24]

Post quantum com- puting impact on ict systems; recommendations on business continuity and al- gorithm selection

European Telecommunications Standards Institute (ETSI). Post quantum com- puting impact on ict systems; recommendations on business continuity and al- gorithm selection. ETSI EG 203 310 V1.0.0 (Final draft) EG 203 310, ETSI, Apr 2016. Guide (CYBER); Post Quantum Computing Impact on ICT Sys- tems. URL: https://www.etsi.org/deliver/etsi_eg/203300_203399/203...

2016
[25]

Ioannou and Michele Mosca

Lawrence M. Ioannou and Michele Mosca. A new spin on quantum cryptography: Avoiding trapdoors and embracing public keys. In Bo-Yin Yang, editor,Post-Quantum 268 Cryptography, pages 255–274, Berlin, Heidelberg, 2011. Springer Berlin Heidelberg. doi:10.1007/978-3-642-25405-5_17

work page doi:10.1007/978-3-642-25405-5_17 2011
[26]

Everlasting multi-party computation

Dominique Unruh. Everlasting multi-party computation. In Ran Canetti and Juan A. Garay, editors,Advances in Cryptology – CRYPTO 2013, pages 380–397, Berlin, Heidelberg, 2013. Springer Berlin Heidelberg. doi:10.1007/978-3-642-40084-1_22

work page doi:10.1007/978-3-642-40084-1_22 2013
[27]

Quantum key distribution in the classical authenticated key exchange framework

Michele Mosca, Douglas Stebila, and Berkant Ustao˘ glu. Quantum key distribution in the classical authenticated key exchange framework. In Philippe Gaborit, editor, Post-Quantum Cryptography, pages 136–154, Berlin, Heidelberg, 2013. Springer Berlin Heidelberg.doi:10.1007/978-3-642-38616-9_9

work page doi:10.1007/978-3-642-38616-9_9 2013
[28]

Quantum Threat Timeline Report 2024 - Global Risk Institute — globalriskinstitute.org

Michele Mosca and Marco Piani. Quantum Threat Timeline Report 2024 - Global Risk Institute — globalriskinstitute.org. https://globalriskinstitute.org/ publication/2024-quantum-threat-timeline-report/ , 2024. [Accessed 20-12- 2025]

2024
[29]

Quantum repeaters: From quantum networks to the quantum internet,

Koji Azuma, Sophia E. Economou, David Elkouss, Paul Hilaire, Liang Jiang, Hoi- Kwong Lo, and Ilan Tzitrin. Quantum repeaters: From quantum networks to the quantum internet.Rev. Mod. Phys., 95:045006, Dec 2023. URL: https://link.aps. org/doi/10.1103/RevModPhys.95.045006,doi:10.1103/RevModPhys.95.045006

work page doi:10.1103/revmodphys.95.045006 2023
[30]

Protocol-level description and self-contained security proof of decoy-state BB84 QKD protocol, 2025

Akihiro Mizutani, Toshihiko Sasaki, and Go Kato. Protocol-level description and self-contained security proof of decoy-state BB84 QKD protocol, 2025. URL: https: //arxiv.org/abs/2504.20417,arXiv:2504.20417

work page arXiv 2025
[31]

A largely self-contained and complete security proof for quantum key distribution.Quantum, 1:14, July 2017

Marco Tomamichel and Anthony Leverrier. A largely self-contained and complete security proof for quantum key distribution.Quantum, 1:14, July 2017. doi:10. 22331/q-2017-07-14-14

2017
[32]

Toyohiro Tsurumaru. Leftover Hashing From Quantum Error Correction: Unifying the Two Approaches to the Security Proof of Quantum Key Distribution.IEEE Transactions on Information Theory, 66(6):3465–3484, June 2020. doi:10.1109/TIT. 2020.2969656

work page doi:10.1109/tit 2020
[33]

Postselection Technique for Quantum Channels with Applications to Quantum Cryptography.Physical Review Letters, 102(2):020504, January 2009.doi:10.1103/PhysRevLett.102.020504

Matthias Christandl, Robert K¨ onig, and Renato Renner. Postselection Technique for Quantum Channels with Applications to Quantum Cryptography.Physical Review Letters, 102(2):020504, January 2009.doi:10.1103/PhysRevLett.102.020504

work page doi:10.1103/physrevlett.102.020504 2009
[34]

Cambridge University Press, USA, 1st edition, 2018

John Watrous.The Theory of Quantum Information. Cambridge University Press, USA, 1st edition, 2018. URL:https://cs.uwaterloo.ca/ ~watrous/TQI/. 269

2018
[35]

Quantum Information Processing with Finite Resources

Marco Tomamichel.Quantum Information Processing with Finite Resources, volume 5 ofSpringerBriefs in Mathematical Physics. Springer International Publishing, Cham, 2016.doi:10.1007/978-3-319-21891-5

work page doi:10.1007/978-3-319-21891-5 2016
[36]

Fuchs and J

C.A. Fuchs and J. van de Graaf. Cryptographic distinguishability measures for quantum-mechanical states.IEEE Transactions on Information Theory, 45(4):1216–1227, May 1999. URL: http://dx.doi.org/10.1109/18.761271, doi: 10.1109/18.761271

work page doi:10.1109/18.761271 1999
[37]

Privacy Amplification and Decoupling Without Smoothing.IEEE Transactions on Information Theory, 69(12):7784–7792, December 2023

Fr´ ed´ eric Dupuis. Privacy Amplification and Decoupling Without Smoothing.IEEE Transactions on Information Theory, 69(12):7784–7792, December 2023. doi:10. 1109/TIT.2023.3301812

work page arXiv 2023
[38]

Entropy Accumulation.Commu- nications in Mathematical Physics, 379(3):867–913, November 2020

Fr´ ed´ eric Dupuis, Omar Fawzi, and Renato Renner. Entropy Accumulation.Commu- nications in Mathematical Physics, 379(3):867–913, November 2020. doi:10.1007/ s00220-020-03839-5

2020
[39]

Monotonicity of a Relative Rényi Entropy

Rupert L. Frank and Elliott H. Lieb. Monotonicity of a relative R´ enyi entropy. Journal of Mathematical Physics, 54(12), 2013. URL: http://dx.doi.org/10.1063/ 1.4838835,doi:10.1063/1.4838835

work page doi:10.1063/1.4838835 2013
[40]

H.et al.Dynamically controlled charge sensing of a few-electron silicon quantum dot.AIP Advances1, 042111 (2011)

Felix Leditzky, Mark M. Wilde, and Nilanjana Datta. Strong converse theorems using R´ enyi entropies.J. Math. Phys., 57(8):082202, August 2016. doi:10.1063/1. 4960099

work page doi:10.1063/1 2016
[41]

131.100803

Marco Tomamichel and Renato Renner. Uncertainty Relation for Smooth Entropies. Physical Review Letters, 106(11):110506, March 2011. doi:10.1103/PhysRevLett. 106.110506

work page doi:10.1103/physrevlett 2011
[42]

Cambridge University Press, Cambridge, England, 2 edition, November 2023

Christopher C Gerry and Peter L Knight.Introductory quantum optics. Cambridge University Press, Cambridge, England, 2 edition, November 2023

2023
[43]

The computational complexity of universal hashing.Theoretical Computer Science, 107(1):121– 133, 1993

Yishay Mansour, Noam Nisan, and Prasoon Tiwari. The computational complexity of universal hashing.Theoretical Computer Science, 107(1):121– 133, 1993. URL: https://www.sciencedirect.com/science/article/pii/ 030439759390257T,doi:10.1016/0304-3975(93)90257-T

work page doi:10.1016/0304-3975(93)90257-t 1993
[44]

Adam Winick, Norbert L¨ utkenhaus, and Patrick J. Coles. Reliable numerical key rates for quantum key distribution.Quantum, 2:77, July 2018. doi:10.22331/ q-2018-07-26-77. 270

2018
[45]

Robust interior point method for quantum key distribution rate computation.Quantum, 6:792, 2022

Hao Hu, Jiyoung Im, Jie Lin, Norbert L¨ utkenhaus, and Henry Wolkowicz. Robust interior point method for quantum key distribution rate computation.Quantum, 6:792, 2022. URL:https://quantum-journal.org/papers/q-2022-09-08-792/

2022
[46]

Finite-size quantum key distribution rates from R\'enyi entropies using conic optimization

Mariana Navarro, Andr´ es Gonz´ alez Lorente, Pablo V. Parellada, Carlos Pascual- Garc´ ıa, and Mateus Ara´ ujo. Finite-size quantum key distribution rates from r´ enyi en- tropies using conic optimization, 2025. URL: https://arxiv.org/abs/2511.10584, arXiv:2511.10584

work page internal anchor Pith review Pith/arXiv arXiv 2025
[47]

2410.17803 , archivePrefix=

Kerry He, James Saunderson, and Hamza Fawzi. Qics: Quantum information conic solver.arXiv preprint arXiv:2410.17803, 2024. URL: https://arxiv.org/abs/2410. 17803

work page arXiv 2024
[48]

Quantum key distribution rates from non-symmetric conic opti- mization.Quantum, 9:1657, 2025

Andr´ es Gonz´ alez Lorente, Pablo V Parellada, Miguel Castillo-Celeita, and Ma- teus Ara´ ujo. Quantum key distribution rates from non-symmetric conic opti- mization.Quantum, 9:1657, 2025. URL: https://quantum-journal.org/papers/ q-2025-03-10-1657/

2025
[49]

Generalized numerical frame- work for improved finite-sized key rates with r´ enyi entropy.Physical Review A, 112(1):012612, 2025

Rebecca RB Chung, Nelly HY Ng, and Yu Cai. Generalized numerical frame- work for improved finite-sized key rates with r´ enyi entropy.Physical Review A, 112(1):012612, 2025. URL: https://journals-aps-org.proxy.lib.uwaterloo. ca/pra/abstract/10.1103/tyts-8v8j

work page doi:10.1103/tyts-8v8j 2025
[50]

Optimising the relative entropy under semidef- inite constraints.npj Quantum Information, 12(1), January 2026

Gereon Koßmann and Ren´ e Schwonnek. Optimising the relative entropy under semidef- inite constraints.npj Quantum Information, 12(1), January 2026. URL: http://dx. doi.org/10.1038/s41534-026-01184-4,doi:10.1038/s41534-026-01184-4

work page doi:10.1038/s41534-026-01184-4 2026
[51]

Characterising the correlations of prepare-and-measure quantum networks.npj Quantum Information, 5(1):17, 2019

Yukun Wang, Ignatius William Primaatmaja, Emilien Lavie, Antonios Varvitsiotis, and Charles Ci Wen Lim. Characterising the correlations of prepare-and-measure quantum networks.npj Quantum Information, 5(1):17, 2019. URL: https://www. nature.com/articles/s41534-019-0133-3

2019
[52]

Lecture notes on QKD

Norbert L¨ utkenhaus. Lecture notes on QKD
[53]

Measurement-device-independent quantum key distribution.Physical Review Letters, 108(13):130503, March 2012

Hoi-Kwong Lo, Marcos Curty, and Bing Qi. Measurement-device-independent quantum key distribution.Physical Review Letters, 108(13):130503, March 2012. arXiv:1109.1473,doi:10.1103/PhysRevLett.108.130503

work page doi:10.1103/physrevlett.108.130503 2012
[54]

Bennett, Gilles Brassard, and N

Charles H. Bennett, Gilles Brassard, and N. David Mermin. Quantum cryptography without Bell’s theorem.Physical Review Letters, 68(5):557–559, February 1992. doi:10.1103/PhysRevLett.68.557. 271

work page doi:10.1103/physrevlett.68.557 1992
[55]

Curty, M

Marcos Curty, Maciej Lewenstein, and Norbert L¨ utkenhaus. Entanglement as a Precon- dition for Secure Quantum Key Distribution.Physical Review Letters, 92(21):217903, May 2004.doi:10.1103/PhysRevLett.92.217903

work page doi:10.1103/physrevlett.92.217903 2004
[56]

Security of quantum key distribution with imperfect devices, September 2004

Daniel Gottesman, Hoi-Kwong Lo, Norbert L¨ utkenhaus, and John Preskill. Security of quantum key distribution with imperfect devices, September 2004. arXiv:quant-ph/ 0212066,doi:10.48550/arXiv.quant-ph/0212066

work page doi:10.48550/arxiv.quant-ph/0212066 2004
[57]

Security proof for quantum-key-distribution systems with threshold detectors.Physical Review A, 78(3):032302, September 2008

Toyohiro Tsurumaru and Kiyoshi Tamaki. Security proof for quantum-key-distribution systems with threshold detectors.Physical Review A, 78(3):032302, September 2008. doi:10.1103/PhysRevA.78.032302

work page doi:10.1103/physreva.78.032302 2008
[58]

Beaudry, Tobias Moroder, and Norbert L¨ utkenhaus

Normand J. Beaudry, Tobias Moroder, and Norbert L¨ utkenhaus. Squashing Models for Optical Measurements in Quantum Communication.Physical Review Letters, 101(9):093601, August 2008.doi:10.1103/PhysRevLett.101.093601

work page doi:10.1103/physrevlett.101.093601 2008
[59]

Squash operator and symmetry.Physical Review A, 81(1):012328, January 2010.doi:10.1103/PhysRevA.81.012328

Toyohiro Tsurumaru. Squash operator and symmetry.Physical Review A, 81(1):012328, January 2010.doi:10.1103/PhysRevA.81.012328

work page doi:10.1103/physreva.81.012328 2010
[60]

Gittsovich, N

O. Gittsovich, N. J. Beaudry, V. Narasimhachar, R. Romero Alvarez, T. Moroder, and N. L¨ utkenhaus. Squashing model for detectors and applications to quantum- key-distribution protocols.Physical Review A, 89(1):012325, January 2014. doi: 10.1103/PhysRevA.89.012325

work page doi:10.1103/physreva.89.012325 2014
[61]

Coles, Adam Winick, Jie Lin, and Norbert L¨ utkenhaus

Yanbao Zhang, Patrick J. Coles, Adam Winick, Jie Lin, and Norbert L¨ utkenhaus. Security proof of practical quantum key distribution with detection-efficiency mis- match.Physical Review Research, 3(1):013076, January 2021. doi:10.1103/ PhysRevResearch.3.013076

2021
[62]

Leung, Dominic Mayers, and Jonathan Oppenheim

Michael Ben-Or, Micha l Horodecki, Debbie W. Leung, Dominic Mayers, and Jonathan Oppenheim. The universal composable security of quantum key distri- bution, 2005. URL: https://arxiv.org/abs/quant-ph/0409078, doi:10.1007/ 978-3-540-30576-7_21

work page arXiv 2005
[63]

Security in quantum cryptography

Christopher Portmann and Renato Renner. Security in quantum cryptography. Reviews of Modern Physics, 94(2):025008, June 2022. doi:10.1103/RevModPhys.94. 025008

work page doi:10.1103/revmodphys.94 2022
[64]

Defining security in quantum key distribution, 2025

Carla Ferradini, Martin Sandfuchs, Ramona Wolf, and Renato Renner. Defining security in quantum key distribution, 2025. URL: https://arxiv.org/abs/2509. 13405,arXiv:2509.13405. 272

work page arXiv 2025
[65]

Categorical composable cryptography: extended version.Logical Methods in Computer Science, Volume 19, Issue 4, December 2023

Anne Broadbent and Martti Karvonen. Categorical composable cryptography: extended version.Logical Methods in Computer Science, Volume 19, Issue 4, December 2023. URL: http://dx.doi.org/10.46298/lmcs-19(4:30)2023, doi: 10.46298/lmcs-19(4:30)2023

work page doi:10.46298/lmcs-19(4:30)2023 2023
[66]

Quantum quotes, 2014

Gonzalo Arrazola. Quantum quotes, 2014. [Accessed 07-02-2026]. URL: https: //qonaom.wordpress.com/2014/06/30/quantum-quotes/

2014
[67]

Amir Arqand and Ernest Y. Z. Tan. Marginal-constrained entropy accumulation theorem, 2025. URL:https://arxiv.org/abs/2502.02563,arXiv:2502.02563

work page arXiv 2025
[68]

Quantum key distribution with high loss: Toward global secure communication.Physical Review Letters, 91(5), August 2003

Won-Young Hwang. Quantum key distribution with high loss: Toward global secure communication.Physical Review Letters, 91(5), August 2003. URL: http://dx.doi. org/10.1103/PhysRevLett.91.057901,doi:10.1103/physrevlett.91.057901

work page doi:10.1103/physrevlett.91.057901 2003
[69]

Decoy state quantum key distribution

Hoi-Kwong Lo, Xiongfeng Ma, and Kai Chen. Decoy state quantum key distribution. Phys. Rev. Lett., 94:230504, Jun 2005. URL: https://link.aps.org/doi/10.1103/ PhysRevLett.94.230504,doi:10.1103/PhysRevLett.94.230504

work page doi:10.1103/physrevlett.94.230504 2005
[70]

Beating the PNS attack in practical quantum cryptography.Physical Review Letters, 94(23):230503, June 2005

Xiang-Bin Wang. Beating the PNS attack in practical quantum cryptography.Physical Review Letters, 94(23):230503, June 2005. arXiv:quant-ph/0410075. URL: http: //arxiv.org/abs/quant-ph/0410075,doi:10.1103/PhysRevLett.94.230503

work page doi:10.1103/physrevlett.94.230503 2005
[71]

Estimates for practical quantum cryptography.Physical Review A, 59(5):3301–3319, May 1999

Norbert L¨ utkenhaus. Estimates for practical quantum cryptography.Physical Review A, 59(5):3301–3319, May 1999. URL: http://dx.doi.org/10.1103/PhysRevA.59. 3301,doi:10.1103/physreva.59.3301

work page doi:10.1103/physreva.59 1999
[72]

Bennett, Fran¸ cois Bessette, Gilles Brassard, Louis Salvail, and John Smolin

Charles H. Bennett, Fran¸ cois Bessette, Gilles Brassard, Louis Salvail, and John Smolin. Experimental quantum cryptography.Journal of Cryptology, 5(1):3–28, January 1992. URL:http://dx.doi.org/10.1007/BF00191318,doi:10.1007/bf00191318

work page doi:10.1007/bf00191318 1992
[73]

Gilles Brassard, Norbert L¨ utkenhaus, Tal Mor, and Barry C. Sanders. Limitations on practical quantum cryptography.Physical Review Letters, 85(6):1330–1333, August
[74]

URL: http://dx.doi.org/10.1103/PhysRevLett.85.1330, doi:10.1103/ physrevlett.85.1330

work page doi:10.1103/physrevlett.85.1330
[75]

Security against individual attacks for realistic quantum key distribution.Physical Review A, 61(5), April 2000

Norbert L¨ utkenhaus. Security against individual attacks for realistic quantum key distribution.Physical Review A, 61(5), April 2000. URL: http://dx.doi.org/10. 1103/PhysRevA.61.052304,doi:10.1103/physreva.61.052304. 273

work page doi:10.1103/physreva.61.052304 2000
[76]

PhD thesis, University of Waterloo, 2026

Lars Kamin.From Asymptotic to Finite-Size Security in Decoy-State Quantum Key Distribution. PhD thesis, University of Waterloo, 2026. URL: https://uwspace. uwaterloo.ca/items/48bd4a40-69d8-4342-bfcc-50fc5d0b67ca

2026
[77]

LFSR-based Hashing and Authentication

Hugo Krawczyk. LFSR-based Hashing and Authentication. In Yvo G. Desmedt, editor,Advances in Cryptology — CRYPTO ’94, pages 129–139, Berlin, Heidelberg,
[78]

URL: https://link.springer.com/chapter/10

Springer Berlin Heidelberg. URL: https://link.springer.com/chapter/10. 1007/3-540-48658-5_15,doi:10.1007/3-540-48658-5_15

work page doi:10.1007/3-540-48658-5_15
[79]

Kim, Vinod Vaikuntanathan, and Or Zamir

Tony Metger, Omar Fawzi, David Sutter, and Renato Renner. Generalised entropy accumulation. In2022 IEEE 63rd Annual Symposium on Foundations of Computer Sci- ence (FOCS), pages 844–850, October 2022.doi:10.1109/FOCS54457.2022.00085

work page doi:10.1109/focs54457.2022.00085 2022
[80]

Imperfect detectors for adversarial tasks with applications to quantum key distribution.Quantum, 10:2044, March 2026

Shlok Nahar, Devashish Tupkary, and Norbert L¨ utkenhaus. Imperfect detectors for adversarial tasks with applications to quantum key distribution.Quantum, 10:2044, March 2026. URL: http://dx.doi.org/10.22331/q-2026-03-24-2044 , doi:10.22331/q-2026-03-24-2044

work page doi:10.22331/q-2026-03-24-2044 2044

Showing first 80 references.