Understanding complementarity-based security proofs of quantum key distribution with imperfect sources

Abstract

We present a study of modern security proofs of quantum key distribution based on complementarity. This is a quantum communication protocol allowing for provable, unconditional security, although there is still a gap between theoretical analyses and real, operational systems. We focus on a recent argument by Koashi, which enables the treatment of individual, basis-dependent imperfections in the source. A detailed review is given based partly on an alternate derivation, with the goal of providing a more accessible approach to utilizing the strength of the complementarity-based proof. Some subtleties in the argument are then pointed out, particularly regarding the requirement of perfectly independent states in the random sampling. A numerical approach is implemented to simulate arbitrary protocols in order to investigate the necessity of this requirement. For independent states, the results provide strong evidence in support of the established security bounds. We then focus on imperfect sources with basis-independent correlations, which reveals concrete counterexamples to the security claims, even in the operational regime. This increases the understanding of why security relies critically on perfect independence of the states. We also predict the possibility of attacking real-world devices as the results show a necessary, although not sufficient, condition for exploiting small, but finite basis-independent correlations in an imperfect source. Furthermore, we argue that analyzing such systems and finding capable attack operations is difficult to achieve by analytic methods; instead we develop further numerical techniques for sampling the parameter space of source states and attack operations in a computationally efficient manner. These parameters are then iteratively improved using a hybrid uniform search and genetic optimization routine. The numerical methods prove to be effective in both uncovering sources that are prone to correlation attacks as well as constructing explicit attack operations for a given system.