Home/Magazine Archive/April 2019 (Vol. 62, No. 4)/Fully Device Independent Quantum Key Distribution/Full Text

Research highlights
## Fully Device Independent Quantum Key Distribution

Quantum cryptography promises levels of security that are impossible to attain in a classical world. Can this security be guaranteed to classical users of a quantum protocol, who may not even trust the quantum devices used to implement the protocol?

This central question dates back to the early 1990s when the challenge of achieving Device-Independent Quantum Key Distribution (DIQKD) was first formulated. We answer the challenge by rigorously proving the device-independent security of an entanglement-based protocol building on Ekert's original proposal for quantum key distribution. The proof of security builds on techniques from the classical theory of pseudo-randomness to achieve a new quantitative understanding of the non-local nature of quantum correlations.

The gold standard in classical cryptography is semantic security^{16}—given an encoded message (ciphertext), any polynomial time adversary should have a negligible chance of obtaining any information whatsoever about the plaintext (the message that was encoded). Classical cryptographers have developed encryption schemes that are able to provide this guarantee by relying on un-proven assumptions about the computational difficulty of number-theoretic problems, such as factoring large numbers,^{28} or other more general complexity-theoretic assumptions. Such cryptographic assumptions are stronger than *P* ≠ *NP*, and considered unlikely to be proven in the foreseeable future, so one may ask whether any cryptosystems can have security guarantees that do not rely on unproven computational assumptions.

Bennett and Brassard's seminal discovery^{7} of a Quantum Protocol for Key Distribution (QKD) in 1984 opened up the possibility for a different kind of security—"unconditional security," or security based solely on the validity of universally accepted physical laws. QKD is a protocol that allows two distant parties to collaboratively and privately generate a perfectly random string, called the users' key. Once the users have generated a private shared key they can use it to communicate with perfect security as follows. To send a message securely, the sender uses the shared key as one time pad: the encoded message is simply the bit-wise XOR (parity) of the key with the message. The semantic security of this scheme is easy to verify, provided the one-time pad (the key) is completely random and unpredictable to any adversary.

The first rigorous proofs of security of QKD,^{21, 31} established over two decades ago, appeared to guarantee this ultimate notion of security could be achieved. However, the promise was short-lived. QKD researchers soon realized that practical implementations fell prey to types of attacks that were not accounted for by the security proofs, including side-channel attacks^{8} and photon receptor blinding attacks.^{20} More generally, these attacks pointed to a fundamental issue: given the remarkable features of quantum mechanics, such as superpositions, entanglement, and the uncertainty principle—some of which made QKD possible in the first place—how can one trust that there are not novel ways of attacking the quantum devices implementing a QKD protocol, unbeknownst to the honest, but classical, users of the protocol? The basic assumption that the user has perfect control over and trust in her quantum devices in a cryptographic protocol, on which all security proofs crucially relied, now appeared wholly unrealistic.

In a paper which appeared in the proceedings of FOCS'98, Mayers and Yao^{22} proposed a first principles approach to this question in the form of a new security paradigm called *device independence.*^{a} In this formulation, all quantum devices used in a protocol are modeled as black boxes with classical inputs and outputs. The user's confidence in a quantum device should be based only on the observed input-output behavior of the device. Concretely, in the context of QKD, a secure protocol should include a practical test that guarantees that the users' quantum devices behave according to specification, even in the scenario where the devices may have been manufactured by an adversarial party. More precisely, any execution of the protocol should either abort, or contain a proof, based only on the classical statistics observed during the execution, that no eavesdropper (a term we will use synonymously with "adversary") may have obtained any partial information about the final key (except with exponentially small probability).

Device independence may appear to set an impossibly high standard. Yet already a few years before the notion was introduced a different protocol for QKD had been proposed by Ekert,^{14} together with intuition suggesting that it should have strong security guarantees reminiscent of device independence. The starting point for Ekert's protocol was provided by the properties of a remarkable quantum phenomenon, entanglement—the very phenomenon which so famously puzzled the authors of the "EPR paradox".^{13} A canonical example of entanglement is the Bell state on two quantum bits, or *qubits*: . Physically, such a maximally entangled pair of qubits can be realized in the polarization of a pair of photons, or by any pair of spin- particles, such as electrons.

In pioneering work in the 1960s (see Bell^{6}) the physicist John Bell showed that suitable measurements on the two qubits in a Bell state generate correlations between their outputs that cannot be reproduced by non-communicating classical devices. Such non-local correlations provide a "test of quantumness," one that distinguishes quantum mechanics from the kinds of hidden variable theories that Einstein championed. Non-local correlations of this form have been been experimentally verified to exquisite precision in the form of Bell inequality violations.^{15,18,30}

The simplest example of a Bell experiment was discovered by Clauser et al.^{9} The experiment can be formulated as a game, the CHSH game, named after its inventors Clauser, Horne, Shimony, and Holt that plays an essential role in our protocol. In this game, devices *D _{A}* and

The importance of non-local correlations for device independence lies in the intuition that under certain conditions these correlations, which can be tested classically via a Bell experiment, can pin down the entangled state shared by the two devices—a phenomenon known as rigidity—as well as preclude entanglement with a third party such as the Eavesdropper—a phenomenon known as monogamy. Unfortunately, beyond its intuitive formulation monogamy is notoriously difficult to quantify, and this has been one of the main obstacles to a formal proof of security in the device-independent framework.

A significant step was taken by Barrett et al.,^{5} who were able to show security of a protocol generating a single bit of key based only on the no-signaling assumption that no information is exchanged between the users' devices, or between the devices and the eavesdropper. This is a weaker assumption than the quantum formalism, which implies non-signaling but is generally more restrictive. Their work inspired a large number of follow-up papers^{1,2,29} which sought security for protocols generating multiple bits, and attempted to leverage the quantum formalism to obtain a more fine-grained security analysis, leading to potential improvements in key rates. Unfortunately all these attempts ran into a fundamental obstacle, which is that one cannot use Bayes' rule for conditional probability in a quantum setting: the Eavesdropper's maximum probability of guessing two bits of the key *k*_{1} *k*_{2} cannot be expressed as the product of her maximum probability of guessing *k*_{1} times her maximum probability of guessing *k*_{2} given that she guessed *k*_{1}. This has to do with the quantum nature of the Eavesdropper, and the fact that different measurements on the same quantum state are not always compatible (they may not commute).

A complete proof of security of a variant of Ekert's protocol was first given in previous work of the authors.^{35} The goal of this paper is to highlight two key components of this security proof. The first is the use of deep properties of randomness extractors (extremal objects from the computational complexity-based theory of pseudorandomness) and their quantum-proof extensions to bypass obstacles, such as the absence of a suitable Bayes' rule more specifically, for analyzing quantum protocols generating multiple bits. Building upon previous work on certifiable quantum random number generation,^{34} the proof of security uses an extraction-based proof technique called the "quantum reconstruction paradigm" to perform a reduction from global attacks of the Eavesdropper to attacks on a single round of the protocol. This component of the proof should be of broad interest to complexity theorists interested in randomness extractors and multi-player games, and the exposition tries to make these aspects accessible.

The second component of the proof rules out single-round attacks by the Eavesdropper. This involves arguing that any such attack would imply an impossibly good strategy for three players involved in a simple non-local "guessing game," that would contradict the non-signaling principle. The proof takes the form of a reduction between guessing games, and may be particularly relevant to cryptographers in view of the recent interest in the properties of no-signaling distributions in the context of delegated computation.^{19}

Our security proof operates within a considerable generalization of the framework of Bell experiments that encompasses the study of correlations between the outputs of three quantum devices (the third device being used to model an Eavesdropper to the protocol) involved in a complex interaction which includes some limited communication between the devices. This generalization captures new physical phenomena, such as the monogamy of entanglement mentioned earlier. In our exposition we aim to abstract as much of the quantum formalism as possible by taking the point of view of classical users in the protocol, thereby also highlighting the classically understandable elements of the proof of security while postponing as far as possible any knowledge about the quantum formalism required to provide a low-level modeling of the quantum devices used.

To achieve device independent security in an experiment, it suffices to implement devices that can carry out the honest party's protocol with sufficient fidelity that their input-output behavior passes the statistical test specified in the protocol. This is in contrast to traditional security proofs that require e.g. a device that is guaranteed to emit a single qubit at a time, a criterion that cannot be verified based on statistical data. The recent experimental demonstrations of Bell tests reproducing the desired correlations even under stringent adversarial assumptions (so-called "loophole-free")^{5, 18, 30} make it a near-certainty that device-independent protocols for QKD will soon be realized. An even bigger canvas for such experiments is provided by the recent demonstration of the feasibility of distributing entangled qubits from satellite to distant ground stations.^{36} These are exciting times for quantum cryptography!

The qubit is the fundamental unit of quantum information. For our purposes it suffices to consider the following simplified definition: a qubit is a particle that can be in a real superposition of two states, labeled |0〉 and |1〉. The superposition is represented by a unit vector in the two dimensional real plane, and may be specified by a parameter *θ* as: (cos *θ* sin *θ*)^{T}, or in ket notation as |*ψ*_{θ}〉 = cos *θ*|0〉 + sin *θ*|1〉. This means that a unit vector pointing in the *x* direction indicates the state |0〉, and a unit vector pointing in the *y* direction represents the state |1〉^{b}.

An observation, or measurement, performed on a qubit is specified by a choice of basis. The distinguished basis formed by the *x* and *y*-axes is called the standard basis. The Born rule for the outcomes of quantum measurements specifies that a measurement of the state |*ψ*_{θ}〉 in the standard basis yields the outcome 0 with probability cos^{2} *θ*, and 1 with probability sin^{2} *θ*. Once the measurement has been performed, the qubit collapses to the post-measurement state consistent with the outcome obtained, |*ψ*_{0}〉 = |0〉 or |*ψ*_{π/2}〉 = |1〉 respectively. More generally, for any angle *ϕ* the qubit can also be measured in the basis obtained by rotating the standard basis by an angle of *ϕ*. Such a measurement yields the outcome 0 with probability cos^{2}(*θ* – *ϕ*), and 1 with probability sin^{2}(*θ* – *ϕ*) (See Figure 1).^{c} The post-measurement states are |*ψ*_{ϕ}〉 or |*ψ*_{π/2+ϕ}〉 respectively.

**Figure 1. Measuring ψ in the standard basis yields the outcome 0 with probability |α|^{2}. Measuring it in the basis (u, u^{⊥} yields the outcome u with probability cos^{2} ϕ.**

Now we turn to a discussion of entanglement. The most fundamental entangled state is the Bell state, which is a maximally entangled state of two qubits. Using the ket notation the Bell state is written To understand the remarkable properties of this state, let us start by describing the result of measuring both qubits in the same basis (|*ψ*_{ϕ}〉, |*ψ*_{π/2+ϕ}〉): first note that due to symmetry, the outcome of the measurement on each qubit is uniformly random; that is, 0 or 1, with probability 1/2 each. But the symmetry of the Bell state goes deeper. Note that the Bell state is rotationally invariant and can be written as (this can be easily verified by direct calculation). This means that the outcome of a measurement on the two qubits is that both outcomes are 0, or both outcomes are 1, each with probability 1/2. Moreover the post-measurement state is |*ψ*_{ϕ}〉|*ψ*_{ϕ}〉, or |*ψ*_{π/2+ϕ}〉|*ψ*_{π/2+ϕ}〉 respectively. This conclusion holds regardless of the spatial separation between the two qubits, a conclusion that appears very counterintuitive at first glance: how does the second qubit "know" the basis in which the first qubit has been measured, and the outcome obtained?

Such natural puzzlement, however, is an artifact of our presentation (the same given by Einstein, Podolsky and Rosen!). Indeed, a simple classical scenario recreates the same phenomenon. Consider two coins with the same random orientation, so that the normal to their surface makes the same (random) angle *θ* in the *x* – *y* plane. The two coins are then spatially separated while leaving their orientation unchanged and measured. By measurement, we mean pick an angle *ϕ*, look at the coin along the angle *ϕ* (looking from infinity, towards the coin), and report whether one sees a heads or tails (0 or 1). Clearly the outcome is uniformly random since the orientation *θ* was chosen uniformly at random. And if we observe (measure) both coins from the same angle *ϕ*, the outcomes will be identical.

The fundamental distinction between the quantum and classical settings manifests itself when the two qubits are measured in different bases. If we measure the first qubit in the standard basis and the second in a *ϕ*-rotated basis, then as previously each outcome (0 or 1) is individually random, but the measurement rule indicates that the two outcomes will match with probability cos^{2} *ϕ*. This differs from the statistics obtained in the classical scenario described above, in which the chance of obtaining matching outcomes is |1 − *ϕ*/*π*| for *ϕ* ∈ [0, *π*). The difference between these two numbers, *ϕ*^{2} vs. *ϕ*/*π* for small *ϕ*, is the foundation for Bell's test of quantumness.

We can now see how this difference plays out in a particularly elegant way in the case of the CHSH game. The quantum strategy starts with Alice and Bob sharing a Bell state. Each of them performs a measurement of their qubit in a basis which depends on their input bit (*x* or *y*), and announces the result: Alice measures her qubit in a *θ*_{A}-rotated basis, with *x*, and Bob measures his qubit in a *θ*_{B}-rotated basis, with *y* (Figure 2). In the three cases where *xy* = 0, the players measure in bases that are π/8-rotated relative to each other, and therefore output the same bit (i.e. *a* ⊕ *b* = 0) with probability cos^{2} *π*/8. In the case where *xy* = 1, they measure in bases that are 3π/8-rotated relative to each other, and therefore output different bits (i.e. *a* ⊕ *b* = 1) with probability cos^{2} *π*/8 as well. Thus in each of the four cases they succeed with probability exactly cos^{2} *π*/8. In contrast, the classical strategy based on the use of random coins described earlier, using the same angles as the quantum strategy (the angles should be doubled to account for the different way these angles are used in quantum or classical strategies), would produce valid outcomes with probability 1 − 1/4 = 3/4 in each case.

**Figure 2. Our proof of security relies on one of the most fundamental Bell inequalities, the CHSH inequality, ^{9} which is pictured here as a small game. Honest devices measuring a Bell pair in the bases indicated on the right of the figure will produce outputs such that Pr(a ⊕ b = xy) = cos^{2} π/8 whenever x, y Œ {0, 1}, and a = b whenever x = 2 and y = 0.**

We are ready to move on to the more complex task of key distribution. The goal of this task is for two trusted but distant users Alice and Bob to agree on a shared *n*-bit key *K* ∈ {0, 1}^{n}. A key distribution protocol must guarantee that if the protocol runs to completion then the users produce identical keys that are indistinguishable from a uniformly random string to any eavesdropper. The only resources available to the users are trusted local random number generators and a public, authenticated quantum communication channel.

**3.1. Ekert's protocol**

We first introduce a slight variant of Ekert's protocol, that carries the same intuition for security. The users, Alice and Bob, initially share a large number, *N*, of Bell states. These states could have been generated by Alice, with one qubit from each state transmitted to Bob. Since all communication channels are public, an eavesdropper may have interfered with the qubits. Taking an adversarial point of view, it is convenient to consider a symmetric formulation, where Alice and Bob have been provided with quantum devices, *D _{A}* and

In the protocol, the devices *D _{A}* and

Ekert's intuitive argument for security of this protocol relied on a few observations. The first is that the eavesdropper cannot obtain any meaningful information while the qubits are in transit from the source, because there is no information encoded in the Bell state: as formulated in Ref. Ekert,^{14} the information only "comes into being" when the qubits are measured by Alice and Bob. Therefore the only reasonable attack for the Eavesdropper at this stage is to keep a quantum state that may be partially or fully entangled with the qubits that are present in Alice and Bob's devices. A second observation is that the CHSH game test can be used to build confidence that the qubits are indeed in a Bell state. Intuitively, the Bell state is a pure state, which by definition cannot be entangled with any qubits held by the eavesdropper. Therefore, even after the users have interacted with their devices there should be no additional information that the eavesdropper may gain by performing measurements on her system. Ekert did not provide a proof of security for his QKD protocol. A proof in the weaker model for security, in which the users' quantum devices are trusted, was first achieved by reduction to the BB'84 protocol.^{31} The proof bypassed Ekert's original intuition, instead building on the nascent theory of quantum error-correction and its application to entanglement distillation, and it crucially relied on the assumption that the quantum devices are fully trusted.

**3.2. Protocol E1**

We will show security for a variant of the protocol described in the previous section, described in Figure 3. As previously, the users, Alice and Bob, are provided with arbitrary quantum devices *D _{A}*, which takes as input a trit

**Figure 3. Our DIQKD protocol, protocol E1.**

We divide the protocol into three phases. The first phase is the *generation phase*, in which the users execute their respective device *N* times in sequence by making uniformly random choices of inputs and collecting the *N* output bits. Then begins the *testing phase*: the users publicly select a constant fraction γ of the rounds uniformly at random and evaluate the devices' success probability in a variant of the CHSH game on average over the input-output pairs generated in those rounds. If they observe that the success probability deviates from the optimum by more than the allowed tolerance *η*, the users abort the protocol. Otherwise they proceed to the *extraction phase.* For this they exchange their inputs in all rounds and discard rounds in which the inputs were not (*x _{i}*,

The most important point of departure from Ekert's protocol lies in the small fraction γ of rounds in which the CHSH game correlations are tested. Skimping on testing may appear to weaken the security of the protocol: why not use all possible correlations for the test? On the other hand, testing involves publicly revealing the input/output pairs for those rounds, and this runs the risk of dishonest devices leaking information to the eavesdropper. Indeed, as we will see the proof of security of the protocol will require us to set a small, constant upper bound on the fraction γ of rounds selected for testing.

We formalize the intuition underlying protocol E1 in terms of two concepts, neither of which had been clearly formulated at the time of Ekert's paper. The first is known as rigidity. This is the observation that there is an essentially unique way to achieve the optimal success probability of cos^{2} *π*/8 in the CHSH game: any optimal strategy for the devices *D _{A}* and

One possible approach to a formal proof of security of the protocol would be to give a quantitative formulation of both concepts. While this can be done within the mathematical formalism of quantum mechanics, there are strong impediments to the use of the resulting theory for proving security in any practically meaningful sense. First of all, achieving device independence prevents us from making any a priori assumption on the quantum systems used, such as a bound on the dimension of the underlying Hilbert space. Without such bound it is not a priori obvious how the distance to the optimal strategy scales as a function of the deviation from optimality of the statistics observed, a difficulty already faced by Mayers and Yao.^{22} More importantly, the interaction scenario which takes places in the QKD protocol is complex and involves multiple sources of information leaked to the eavesdropper. While a proof of security along these lines was given in Ref. Reichardt et al.,^{27} the bounds obtained are too weak to tolerate any errors in the execution of the protocol (such as unavoidable photon losses, false detection events, etc).

The proof of security can be decomposed into two parts. The first analyzes a single randomly chosen round of the protocol. It shows that if the protocol succeeds, then with high probability the devices' output in the chosen round must be at least partially unknown to the Eavesdropper. To do so, the challenge faced by the Eavesdropper is formulated in terms of a two player guessing game, and the information of the Eavesdropper is bounded by means of a reduction to a trivial guessing game. The maximum success probability in the latter game is bounded by virtue of the no-signaling principle, that is, in the absence of communication between the two players, the output distribution of one player must be independent of the other player's input. This part of the proof does not resort to the quantum formalism at all (though doing so can be used to give stronger quantitative bounds).

The second part of the proof shows that over a large number *N* of rounds, the protocol yields Ω(*N*) bits of shared random key that are secure against the eavesdropper. Analyzing multiple rounds of the protocol runs into fundamental obstacles having to do with the quantum nature of the Eavesdropper and her attack. Ideally we would like to associate the extraction of fewer than Ω(*N*) bits of shared random key with the failure of the guessing game argument in some round, resulting in a contradiction. The issue is that the Eavesdropper's attack could be a global measurement on her part of the quantum state based on the classical information exchanged in all rounds of the protocol, leading to a loss of control over the sequential nature of the protocol. We will get around these obstacles by appealing to powerful results from the theory of randomness extractors to directly deal with correlations between the classical information generated by Alice, Bob and the Eavesdropper. Roughly, this paradigm allows us to directly conclude that if the key generated by the protocol is distinguishable from random by the eavesdropper, then there is an (efficient) classical procedure to reconstruct Alice's raw key with non-negligible probability. This allows us to use classical information-theoretic tools to perform a reduction to the guessing game.

At its heart the security guarantees provided by a single round of protocol E1 hinge on the following guessing game (Figure 4). We start with an augmented variant of the CHSH game, where in addition to the CHSH game inputs Alice can be provided with a third input, labeled 2 (each input is chosen with probability 1/3). If inputs to the players are (*x, y*) = (2, 0) then their outputs should match. Assuming the no-signaling principle and the validity of quantum mechanics (specifically, that *ω* = cos^{2} *π*/8 is the optimal bound in the CHSH game), it is easy to see that Alice and Bob can win the augmented CHSH game with probability which is optimal.

**Figure 4. The guessing game. Any devices satisfying both the CHSH condition a ⊕ b = xy and the guessing condition c = a with high enough probability must allow signaling between D_{A} and D_{B}.**

**Figure 5. The proof of the guessing lemma. Using the winning condition for the CHSH game, wherever b_{1} is the distance between a_{0} and a_{1} must be at least 2(1 − ω). This implies the balls of radius (1 − ω) centered are a_{0} and a_{1} are disjoint.**

Now we consider adding one more rule to the game, the "guessing rule": Bob should always produce a second output, *c* ∈ {0, 1}. The guessing rule requires that *c* should match Alice's output *a* whenever her input is *x* = 2 (if *x* ∈ {0, 1} then there is no requirement on *c*). We will show that Alice and Bob cannot achieve close to the optimal probability of in the extended CHSH game, and simultaneously satisfy the guessing rule on Bob's output *c* with probability close to 1: whatever Bob does, he cannot collaborate with Alice to succeed in the CHSH game, while simultaneously producing a valid guess for her output. This is a manifestation of the phenomenon of monogamy of quantum correlations alluded to earlier. To understand the significance of this result for the security of protocol E1, note that it also implies that Alice's output bit must look somewhat random to the eavesdropper, even when provided with Alice and Bob's inputs. To see this, observe that any such eavesdropper could be lumped together with Bob to derive a successful strategy in the guessing game described above.

The proof is in the form of a reduction to the following trivial guessing game. There are two cooperating players, Alice and Bob. At the start of the game, Bob receives a single bit *y* ∈ {0, 1} chosen uniformly at random. The players are then allowed to perform arbitrary computations, but are not allowed to communicate. At the end of the game, Alice outputs a bit *a*, and the players win if *a* = *y.* Clearly, any strategy with success probability that deviates from indicates a violation of the no-signaling assumption between Alice and Bob. The idea behind the use of guessing games is to show that any undesirable outcome in the cryptographic protocol—such as a successful strategy for the Eavesdropper—can be bootstrapped into a successful strategy for Alice and Bob in the trivial guessing game, thereby contradicting the no-signaling assumption.

GUESSING LEMMA. *Suppose that Alice and Bob succeed in the augmented CHSH game with probability at least* *where* *Then the maximum probability with which Bob can successfully guess Alice's output on input x = 2 is at most* 1 − *C*(*η*_{0} − *η*), *where C and* *η*_{0} *are universal constants.*

Although in general optimization over quantum strategies is intractable, good upper bounds can often be obtained by considering convex relaxations of the set of valid quantum strategies for the players (using e.g. semidefinite programming). Here the game is sufficiently simple that an intuitive argument can be given which already provides a meaningful bound.

PROOF. For simplicity, we start by showing that when *η* = 0, then Bob cannot guess Alice's output with probability 1. A more careful accounting of the parameters then provides the claimed bound. Note that is the maximum probability with which Alice and Bob can succeed in the augmented CHSH game—for this to happen they must win the CHSH game with optimal probability *ω*, and on inputs *x* = 2 and *y* = 0, the outputs *a* and *b* must be equal. We assume for contradiction that Bob can guess Alice's output (on input *x* = 2) with probability 1.

We imagine repeated sequential execution of the devices, with the same fixed inputs *x* and *y*, for some number *k* of executions. Let denote Bob's outputs, and denote Alice's outputs, over these *k* executions. Then the condition on the augmented CHSH game implies that the players' outputs should match when the inputs are Also by the assumption of successful guessing, on inputs (2, *y*) for any *y* the players' outputs satisfy It follows that The fact that Alice and Bob win the CHSH game with probability *ω* implies that for any *x* ∈ {0, 1}, the relative Hamming distance (by the Chernoff bound this is sharply concentrated as *k* grow). It follows that

Now suppose Alice knew Bob's output (we will justify this assumption later). We claim that this gives Alice an advantage in guessing Bob's input *y* thus providing a contradiction with the elementary guessing game described at the start of the section. Alice's strategy is as follows: if given her input *x* and output she guesses *y* = 0 if , and *y* = 1 otherwise, where *ϵ* is an arbitrarily small constant (depending on *k*).

First note that if *y* = 0 then she succeeds with probability close to 1. This is because as shown above, since for any On the other hand, when *y* = 1, by the CHSH game condition it should be the case that and By the triangle inequality, It follows that and cannot both be close to any fixed : i.e. both conditions and cannot be simultaneously satisfied. This means that in the case *y* = 1, Alice must succeed with probability about 1/2, and therefore overall Alice can guess Bob's output with probability close to 3/4. Contradiction.

To justify the assumption that Alice knows Bob's output , we consider the following experiment: Alice and Bob execute *D _{A}* and

This concludes the proof for the case of *η* = 0. It is not difficult to reproduce the same proof to make the reasoning more quantitative in the more general case that *η* > 0. We leave this as an exercise to the reader. ◻

Before continuing with the multi-round analysis, we note that the guessing lemma already gives an "in principle" proof of security for quantum key distribution, following an argument due to Barrett et al.^{4} (though they used a different, more complex Bell inequality to achieve a security parameter that scales inverse proportionally to the number of rounds). Consider the following simplified variant of Protocol E1. The users instruct their devices to sequentially play Θ(*N*) instances of the augmented the CHSH game. Alice chooses a random time at which to stop the games, and announces it (publicly) to Bob. The users publicly exchange their inputs. Once this has been done, they determine the last round, prior to the stopping time, where they used the input pair (2, 0), and should thus have matching outputs; call this the key round. They exchange their outputs in all rounds prior to the key round and estimate the (augmented) CHSH game correlations. Provided these correlations come close enough to the CHSH game bound they use their output in the key round for the final key. Based on a simple martingale argument it is not hard to show that, conditioned on the devices producing outputs that satisfy the CHSH game correlations in all rounds prior to the key round, the devices in the key round have a high probability of satisfying the CHSH game condition as well (even if it is not checked). Using the guessing lemma it must be that, in that round, the eavesdropper has a bounded probability of guessing the users' shared bit.

Note that the above argument provides a complete proof of security (for a single bit of key), without having to resort to the quantum formalism at all: the only assumption needed for security is the no-signaling principle. Going beyond a single round, however, will require us to assume in addition that the devices' behavior can be modeled using quantum mechanics.

We proceed to analyze the complete protocol^{d}. Our goal is to provide a reduction: we aim to show that any global strategy for the Eavesdropper that yields even partial information about the users' final shared key implies an attack on a single round of the protocol of the form described, and ruled out, in the previous section. As mentioned earlier, analyzing multiple rounds of the protocol runs into fundamental obstacles having to do with the quantum nature of the Eavesdropper and her attack. We will get around these obstacles by appealing to powerful results from the theory of randomness extractors to directly deal with correlations between the classical information generated by Alice, Bob and the Eavesdropper.

The first step is to formalize exactly what constitutes a strategy for the Eavesdropper. Recall that protocol E1 includes an ultimate post-processing step called *privacy amplification.* This task converts the raw key *K* shared by Alice and Bob (which they derived from *K _{A}* and

The major challenge thus remains to establish that the source, *K*, contains enough entropy from the viewpoint of the Eavesdropper. Our approach to showing this is based on (the quantum generalization of) a proof technique from the theory of pseudo-randomness called the "reconstruction paradigm," originally introduced by Trevisan^{33} towards the analysis of a class of *strong randomness extractors.* Roughly, this paradigm allows us to make a stronger statement than the generic strong extractor reduction sketched above: it allows us to show directly that if the key generated by the protocol (after privacy amplification) is distinguishable from random by the eavesdropper, then there is an (efficient) classical procedure to reconstruct Alice's raw key with non-negligible probability. This allows us to use classical information-theoretic tools to complete a reduction to the guessing game.

**6.1. Global attacks**

Before delving into more details about the reconstruction paradigm, we first review some of the difficulties to be over-come by the analysis.

Recall that the main difference introduced in protocol E1 compared to Ekert's protocol is the presence of only a small fraction of test rounds. The following simple attack demonstrates that the restriction is necessary for security. Note that Alice's device *D _{A}* is able to distinguish key rounds from test rounds, since it is given a special input, 2, for the former type of round. Suppose the eavesdropper programs

Even setting the issue of adaptive devices aside, there is a second important difficulty. Assume the users had a way to enforce that their devices perform independent and identical operations in each round. It may still be the case that the Eavesdropper, on which no control is possible, benefits from a global measurement on all the side information she has collected throughout the protocol in order to implement her final attack on the key. Such an attack should be ruled out, even if its success probability is tiny, as long as it is higher than the security parameter for the protocol. So assume the Eavesdropper has performed a successful attack. Here begins the difficulty: conditioning on success of an unlikely event, which involves a measurement on the quantum side information and the public information leaked throughout the protocol, introduces correlations between the classical data observed by the users (including the devices' inputs and outputs in all rounds) that need to be taken care of by the security proof.

The confounding factor here is that Bayes' rule for conditional probabilities does not work in the presence of quantum side information. Informally, if *P _{g}*(

In order to side-step the issue we treat the combination of the joint quantum state of the devices and the eavesdropper, and the possible effects of the global measurement, as a black box, and focus on the classical information processed by Alice and Bob and the ways it which it can correlate with classical information generated by the Eavesdropper. The main tool in the analysis is the "reconstruction paradigm" mentioned above, which we discuss next.

**6.2. Security and the reconstruction paradigm**

Let us first recall the main ideas behind the (classical) reconstruction paradigm.^{33,e} Consider a strong extractor Ext which takes two strings of bits as input, the source *X* and the seed *Y*, and combines them to produce an output *Z* = Ext(*X, Y*). Proceeding by contradiction, assume the adversary has the ability to distinguish the output of the extractor from uniform, with non-negligible advantage ε. Observe the weakness of this starting point: the adversary's advantage could come from any kind of information; for example, she is able to predict, with small advantage ε, the parity of a small subset of the bits of *Z*, the location of which itself depends on other bits of *Z*, etc. The reconstruction paradigm uses properties of a specific construction of Ext to show that from any such adversary it is possible to construct (explicitly, and this will be important for us) the following stronger adversary. The stronger adversary has the ability, given as side information the information available to the original adversary (partial information about *X* and the seed *Y*) as well as a few additional "advice bits" about *X*, to produce a "reconstructed" guess for the complete string *X* that is correct with probability of the order of (ε/*m*)^{2}, where *m* is the length of *Z.*

Our security proof relies on an adaptation of the reconstruction paradigm to the case of quantum side information. This allows us to argue that any eavesdropper who is able to distinguish the final key *Z* generated by the users from a uniformly random string can be "bootstrapped" into a stronger eavesdropper who, given a few additional bits of advice, is able to guess the complete string of outputs *K _{A}* generated by Alice's device in the protocol with non-trivial probability. Note that this probability is of the same order as the security parameter ε. To see that it is a strong bound, note that it is much larger than the easy bound of inverse exponential in the extracted key length, which follows (using any strong extractor) from the correspondence between quantum conditional minentropy and guessing probability. Formally introducing the quantum reconstruction paradigm would require notation that is beyond the scope of this article. For the expert, we mention that the main tool used in the analysis is the "pretty good measurement" of Hausladen and Wooters,

**6.3. Reduction to the guessing game**

Recall that the raw key *K _{A}* is formed from the bits

The second step in the analysis is to rule out such attacks. We achieve this by performing a reduction to the guessing game considered in Section 5. In order to present the reduction, it is convenient to abstract the present scenario as the following multi-round form of the guessing game. Alice gets an *N*-trit input *x*, and Bob an *N*-bit input *y*, chosen uniformly at random. They use their respective devices, *D _{A}* and

To show this we perform a reduction to the single-round guessing game. We seek to identify a round *i*_{0} ∈ {1, ..., *N*} such that the following holds. Let *D*_{A,j0} and *D*_{B,j0} denote the state of Alice and Bob's devices at the beginning of round *i*_{0}, conditioned on all past events. This includes fixing values for all prior input and output bits, and making those values available to the three players. It should then be the case that (i) the devices *D*_{A,j0} and *D*_{B,j0} have a large success probability in the augmented CHSH game, when provided uniformly random inputs (*x, y*) ∈ {0, 1, 2} × {0, 1}, and (ii) Eve has a strategy which allows her to produce a correct guess for the output *a* obtained by *D*_{A,j0}, when given the input *x* = 2, with high probability. If both conditions can be shown to hold simultaneously, the single-round guessing lemma, Lemma 1, will give a contraction.

As explained earlier, the main difficulty in completing the reduction is that the adversary's attack in the original, multi-round protocol is based on a global measurement on her side information, which includes the classical information gleaned throughout the protocol, as well as her initial quantum state. The application of the quantum reconstruction paradigm dispenses with the need to deal with the adversary's quantum state at the expense of providing her with a small number of advice bits. We separate this information in two parts: first, the users' input strings (*x, y*). Second, the user's outputs (*a*_{B}, *b*_{B}) in test rounds, and the advice bits *g*(*a*_{C}). This second part of the information can be handled using a standard trick: instead of waiting for the bits to be available, we modify the adversary into one which makes a uniformly random choice for them. Using that the number of rounds used as checks is small compared to |C|, her success probability remains non-negligible.

The other part of the side information, the inputs (*x, y*), cannot be eliminated in the same way, as it contains too many bits. We can split the inputs in two parts: those to be chosen before round *i*_{0}, and those chosen after. The inputs chosen before round *i*_{0} will be made publicly available as part of the specification of the devices *D*_{A,j0} and *D*_{B,j0}, so there is no need to worry about them. Regarding the inputs to be chosen after round *i*_{0}, it is enough to argue that a "good" choice of inputs exist: indeed, the device's output in round *i*_{0} cannot depend on inputs provided to the device after round *i*_{0}; here the sequential nature of the protocol is used in an important way.

Now that we have a single, fixed measurement for the adversary, with hard-wired values for (*x, y*) and the advice bits, we are finally in a position to apply the (classical!) Bayes' rule in order to identify the round *i*_{0} satisfying conditions (i) and (ii). This provides the following straightforward implication:

for some small constant *δ* > 0.

The conditioning implied by Bayes' rule, however, presents a last difficulty: it may introduce correlations between the state of the devices at the beginning of the *i*_{0}-th round, and the inputs that the devices "expect" in that round. Indeed, the conditioning is on the event that the adversary's guesses in rounds prior to *i*_{0} are correct. The guesses in turn depend on the choice of inputs (*x, y*) that were "hard-wired" into the adversary as part of the reduction described above. Thus correctness of the adversary's guesses can bias the distribution of inputs in round *i*_{0}, which is no longer uniform and may be jointly correlated with the state of the devices *D*_{Aj0} and *D*_{Bj0}. For example, it could be that the inputs in a fixed round *i*_{0} are forced to a specific choice such as (0, 0), making the guarantee (i) all but useless (if the inputs are fixed, it is easy to win the CHSH game). This difficulty is similar to one encountered in the analysis of the parallel repetition of multiplayer games. The standard approach for this problem was introduced in work of Raz^{26} showing a parallel repetition theorem for the value of classical two-player games. The main idea consists in arguing that conditioning on an event with large enough probability cannot introduce strong correlations in all, or even most, coordinates of a distribution that is initially in product form. At a technical level, the analysis uses the chain rule for mutual information and Pinsker's inequality.

In our scenario a very similar approach can be employed to show that conditioning on the adversary's success, provided success happens with large enough probability, cannot bias the users' input distribution in most rounds by too much. This uses that initially (before the conditioning) the distribution is a product distribution, sampled independently in each of the large number of rounds of the protocol.

Unfortunately this statement is not sufficient for our purposes. We need to show, not only that the inputs to the devices in the round *i*_{0} are close to uniformly random, but also that the post-measurement state of the devices (conditioned on the same success event) is not correlated to the users' choice of input. To show that this cannot happen we expand on Raz' technique by introducing a coding argument to deal with the quantum correlations. Assume for contradiction that the devices' state has a non-trivial correlation with their input (after a successful guess of the eavesdropper), and that this holds in most rounds. We show that such devices, including the eavesdropper's strategy, could be used to transmit classical information from Bob and the eavesdropper to Alice at a more efficient rate than is allowed by standard arguments from quantum information theory, thereby reaching a contradiction. For a further discussion of this step we refer to previous work of the authors.^{35}

From their origins in the EPR thought experiment, through their formulation in Bell's work and the CHSH test, to their use in device-independent cryptography, the non-local correlations of quantum mechanics have gone from undesirable paradox to operationally desirable certificates, not only of quantumness but also of randomness and privacy.^{f}

Our proof of security inscribes itself in a long sequence of works demonstrating progressively stronger uses of quantum correlations. Although the relevance of non-local correlations for cryptography was already pointed out by Ekert, the first concrete results considered the related task of randomness amplification, in which a single user, Alice, wishes to certify that two devices in her possession generate random bits, while using as few possible seed bits of randomness to test the device.

A protocol for randomness certification was first proposed in Colbeck,^{10} and the task was experimentally demonstrated in 2012.^{25} Some of the ideas present in this paper were first formulated in the analysis of a protocol for exponential randomness expansion we introduced in previous work of the authors;^{34} subsequently it was shown that even unbounded expansion is possible.^{11}

Subsequent to our work on quantum key distribution a second proof of security for DIQKD was put forward in Miller and Shi.^{23} Neither proof achieves practical parameters, a gap recently filled by a third proof^{3} which establish security of a protocol with essentially optimal noise tolerance and key rate. Although the three proofs inevitably bear some similarity, they seem to rely on essentially different arguments; it remains a challenge to find a unifying framework for device-independence that would combine their respective advantages.

Recent progress in experiments^{15,18,30} place the implementation of protocols for entanglement-based quantum key distribution just around the corner. One may even start to see emerging the possibility for entanglement generation not only between single-qubit devices, as are needed for QKD, but small multi-qubit "quantum computers in the cloud" such as the one recently demonstrated by IBM. Computing devices sharing quantum entanglement may be able to implement tasks beyond quantum key distribution, from simple protocols such as, for example, quantum secret sharing or entanglement swapping, to the complex task of verifiable delegated computation. Although this remains a distant prospect, it is our hope that the techniques developed in this work will find far broader applicability in the future of quantum cryptography!

We thank the *Communications* editors and Gilles Brassard for useful feedback on an earlier version of this article.

Umesh Vazirani is supported by NSF Grant CCF-1410022, MURI Grant FA9550-18-1-0161 and a Vannevar Bush Faculty Fellowship. Thomas Vidick is supported by AFOSR YIP award number FA9550-16-1-0495, MURI Grant FA9550-18-1-0161, and a CIFAR Azrieli Global Scholar award.

1. Acín, A., Brunner, N., Gisin, N., Massar, S., Pironio, S., Scarani, V. Device-independent security of quantum cryptography against collective attacks. *Phys. Rev. Lett. 98*, 230501 (2007).

2. Acín, A., Gisin, N., Masanes, L. From Bell's theorem to secure quantum key distribution. *Phys. Rev. Lett. 97*, 120405 (2006).

3. Arnon-Friedman, R., Renner, R., Vidick, T. Simple and tight device-independent security proofs. *arXiv preprint arXiv:1607.01797* (2016).

4. Barrett, J., Colbeck, R., Kent, A. Unconditionally secure device-independent quantum key distribution with only two devices. *Technical report arXiv*:1209.0435 (2012).

5. Barrett, J., Hardy, L., Kent, A. No signaling and quantum key distribution. *Phys. Rev. Lett. 95*, 010503 (2005).

6. Bell, J.S. On the Einstein-Podolsky-Rosen paradox. *Physics 1* (1964), 195–200.

7. Bennett, C., Brassard, G. Quantum cryptography: Public key distribution and coin tossing. In *Proceedings of the International Conference on Computers, Systems, and Signal Processing* (1984), 175–179.

8. Brassard, G., Lütkenhaus, N., Mor, T., Sanders, B.C. Limitations on practical quantum cryptography. *Phys. Rev. Lett. 85* (Aug 2000), 1330–1333.

9. Clauser, J.F., Horne, M.A., Shimony, A., Holt, R.A. Proposed experiment to test local hidden-variable theories. *Phys. Rev. Lett. 23* (1969), 880–884.

10. Colbeck, R. *Quantum and Relativistic Protocols for Secure Multi-Party Computation.* PhD thesis, Trinity College, University of Cambridge, Cambridge, UK, Nov. 2006.

11. Coudron, M., Yuen, H. Infinite randomness expansion with a constant number of devices. In *Proceedings of the 46 ^{th} Annual ACM Symposium on Theory of Computing* (ACM, 2014), 427–436.

12. De, A., Portmann, C., Vidick, T., Renner, R. Trevisan's extractor in the presence of quantum side information. *SIAM J. Comp. 41*, 4 (2012), 915–940.

13. Einstein, A., Podolsky, P., Rosen, N. Can quantum-mechanical description of physical reality be considered complete? *Phys. Rev. 47* (1935), 777–780.

14. Ekert, A.K. Quantum cryptography based on Bell's theorem. *Phys. Rev. Lett. 67* (1991), 661–663.

15. Giustina, M., Versteegh, M.A., Wengerowsky, S., Handsteiner, J., Hochrainer, A., Phelan, K., Steinlechner, F., Kofler, J., Larsson, J.-Å., Abellán, C., et al. Significant-loophole-free test of Bell's theorem with entangled photons. *Phys. Rev. Lett. 115*, 25 (2015), 250401.

16. Goldwasser, S., Micali, S. Probabilistic encryption & how to play mental poker keeping secret all partial information. In *Proceedings of the fourteenth annual ACM symposium on Theory of computing* (ACM, 1982), 365–377.

17. Hausladen, P., Wootters, W.K. A "pretty good" measurement for distinguishing quantum states. *J. Mod. Opt. 41*, 12 (1994), 2385–2390.

18. Hensen, B., Bernien, H., Dréau, A.E., Reiserer, A., Kalb, N., Blok, M.S., Ruitenberg, J., Vermeulen, R.F., Schouten, R.N., Abellán, C., et al. Loophole-free bell inequality violation using electron spins separated by 1.3 kilometres. *Nature 526*, 7575 (2015), 682–686.

19. Kalai, Y.T., Raz, R., Rothblum, R.D. How to delegate computations: the power of no-signaling proofs. In *Proceedings of the forty-sixth annual ACM symposium on Theory of computing* (ACM, 2014), 485–494.

20. Lydersen, L., Wiechers, C., Wittmann, C., Elser, D., Skaar, J., Makarov, V. Hacking commercial quantum cryptography systems by tailored bright illumination. *Nat. Photonics 4*, 10 (2010), 686–689.

21. Mayers, D. Unconditional security in quantum cryptography. *J. ACM 48*, 3 (May 2001), 351–406.

22. Mayers, D., Yao, A. Quantum cryptography with imperfect apparatus. In *Proceedings of the 39th Annual Symposium on Foundations of Computer Science*, FOCS '98 (IEEE Computer Society, 1998), Washington, DC, USA, 503.

23. Miller, C.A., Shi, Y. Robust protocols for securely expanding randomness and distributing keys using untrusted quantum devices. *J. ACM 63*, 4 (2016), 33.

24. Pironio, S., Acín, A., Brunner, N., Gisin, N., Massar, S., Scarani, V. Device-independent quantum key distribution secure against collective attacks. *New J. Phys. 11*, 4 (2009), 045021.

25. Pironio, S., Acin, A., Massar, S., De La Giroday, A.B., Matsukevich, D.N., Maunz, P., Olmschenk, S., Hayes, D., Luo, L., Manning, T.A., et al. Random numbers certified by Bell's theorem. *Nature 464*, 7291 (2010), 10.

26. Raz, R. A parallel repetition theorem. *SIAM J. Comput. 27* (1998), 763–803.

27. Reichardt, B.W., Unger, F., Vazirani, U. Classical command of quantum systems. *Nature 496*, 7446 (2013), 456.

28. Rivest, R.L., Shamir, A., Adleman, L. A method for obtaining digital signatures and public-key cryptosystems. *Comm. ACM 21*, 2 (1978), 120–126.

29. Scarani, V., Gisin, N., Brunner, N., Masanes, L., Pino, S., Acín, A. Secrecy extraction from no-signaling correlations. *Phys. Rev. A 74*, (Oct 2006), 042339.

30. Shalm, L.K., Meyer-Scott, E., Christensen, B.G., Bierhorst, P., Wayne, M.A., Stevens, M.J., Gerrits, T., Glancy, S., Hamel, D.R., Allman, M.S., et al. Strong loophole-free test of local realism. *Phys. Rev. Lett. 115*, 25 (2015), 250402.

31. Shor, P.W., Preskill, J. Simple proof of security of the BB84 quantum key distribution protocol. *Phys. Rev. Lett. 85* (Jul 2000), 441–444.

32. Tomamichel, M., Schaffner, C., Smith, A., Renner, R. Leftover hashing against quantum side information. *IEEE Transactions on Information Theory 57*, 8 (2011), 5524–5535.

33. Trevisan, L. Extractors and pseudorandom generators. *J. ACM 48* (July 2001), 860–879.

34. Vazirani, U., Vidick, T. Certifiable quantum dice: Or, true random number generation secure against quantum adversaries. In *Proceedings of the 44th symposium on Theory of Computing*, STOC '12 (ACM, 2011), 61–76. Also available as arXiv:1111.6054.

35. Vazirani, U., Vidick, T. Fully device-independent quantum key distribution. *Phys. Rev. Lett. 113*, 14 (2014), 140501.

36. Yin, J., Cao, Y., Li, Y.-H., Liao, S.-K., Zhang, L., Ren, J.-G., Cai, W.-Q., Liu, W.-Y. Li, B., Dai, H., et al. Satellite-based entanglement distribution over 1200 kilometers. *Science 356*, 6343 (2017), 1140–1144.

a. The term "device independence" was only introduced much later, in 2007.^{24}

b. An example of a no-signaling correlation that is neither local nor quantum is the family of distributions *p*(*a*, *b*|*x*, *y*) = 1/2 if and only if *a* ⊕ *b* = *xy*, for *a, b, x, y* ∈ {0, 1}. This family gives a success probability 1 in the CHSH game with probability 1.

c. Note here we use the notation "0" to designate the outcome, even though the associated basis element is the vector |*ψ*_{ϕ}〉, not |0〉. This is a standard convention; labels for outcomes are arbitrary and have no physical meaning.

d. The appropriate notion of entropy is the quantum conditional minentropy, which has an operational interpretation: it is simply the maximum probability with which the Eavesdropper can successfully make a correct guess for the complete string *K*, by performing an arbitrary measurement on her quantum side information.

e. The parameters we give here are inaccurate, and are only meant to give an indication of the procedure.

f. Note that the conditioning is performed jointly on an event involving Alice and Bob (the CHSH violation observed in previous rounds being sufficiently large) on the one hand, and Bob and Eve (Eve's guess being correct) on the other, so it can certainly introduce correlations across the whole input distribution.

A technical version of this paper was published in *Physical Review Letters*, Sept. 29, 2014.

Copyright held by authors/owners. Publication rights licensed to ACM.

Request permission to publish from permissions@acm.org

The Digital Library is published by the Association for Computing Machinery. Copyright © 2019 ACM, Inc.

No entries found