The Universal Composable Security of Quantum Key Distribution

  • Michael Ben-Or
  • Michał Horodecki
  • Debbie W. Leung
  • Dominic Mayers
  • Jonathan Oppenheim
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3378)


The existing unconditional security definitions of quantum key distribution (QKD) do not apply to joint attacks over QKD and the subsequent use of the resulting key. In this paper, we close this potential security gap by using a universal composability theorem for the quantum setting. We first derive a composable security definition for QKD. We then prove that the usual security definition of QKD still implies the composable security definition. Thus, a key produced in any QKD protocol that is unconditionally secure in the usual definition can indeed be safely used, a property of QKD that is hitherto unproven. We propose two other useful sufficient conditions for composability. As a simple application of our result, we show that keys generated by repeated runs of QKD degrade slowly.


Authentication Scheme Quantum Cryptography Ideal Functionality Privacy Condition Unconditional Security 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Bennett, C., Brassard, G.: Quantum cryptography: Public key distribution and coin tossing. In: Proceedings of IEEE International Conference on Computers, Systems and Signal Processing, New York, pp. 175–179. IEEE, Bangalore (1984)Google Scholar
  2. 2.
    Ekert, A.: Quantum cryptography based on Bell’s theorem. Phys. Rev. Lett. 67(6), 661–663 (1991)zbMATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    Bennett, C.: Quantum cryptography using any two nonorthogonal states. Phys. Rev. Lett. 68(21), 3121–3124 (1992)zbMATHCrossRefMathSciNetGoogle Scholar
  4. 4.
    Bennett, C., Brassard, G., Jozsa, R., Mayers, D., Peres, A., Schumacher, B., Wootters, W.: Reduction of quantum entropy by reversible extraction of classical information. Journal of Modern Optics 41(12), 2307–2314 (1994)zbMATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    Mayers, D.: Quantum key distribution and string oblivious transfer in noisy channels. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 343–357. Springer, Heidelberg (1996)Google Scholar
  6. 6.
    Mayers, D.: Unconditional security in quantum cryptography. J. Assoc. Comp. Mach 48, 351 (2001) (quant-ph/9802025)MathSciNetGoogle Scholar
  7. 7.
    Lo, H.-K., Chau, H.F.: Unconditional security of quantum key distribution over arbitrarily long distances. Science 283, 2050–2056 (1999) (quant-ph/9803006)CrossRefGoogle Scholar
  8. 8.
    Biham, E., Boyer, M., Boykin, P., Mor, T., Roychowdhury, V.: A proof of the security of quantum key distribution. In: Proceedings of the 32nd Annual ACM Symposium on Theory of Computing (STOC), pp. 715–724. ACM, New York (2000) (quant-ph/9912053)Google Scholar
  9. 9.
    Shor, P., Preskill, J.: Simple proof of security of the bb84 quantum key distribution protocol. Phys. Rev. Lett. 85, 441–444 (2000) (quant-ph/0003004)CrossRefGoogle Scholar
  10. 10.
    Tamaki, K., Koashi, M., Imoto, N.: Unconditionally secure key distribution based on two nonorthogonal states. Phys. Rev. Lett. 90, 167904 (2003) (quant-ph/0212162)Google Scholar
  11. 11.
    Gottesman, G., Lo, H.-K.: Proof of security of quantum key distribution with two-way classical communications. IEEE Transactions on Information Theory 49(2), 457–475 (2003) (quant-ph/0105121)zbMATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    Bennett, C., Smolin, J.: First suggested the key degradation problem to one of us, and A. Harrow has obtained partial results.Google Scholar
  13. 13.
    Ambainis, A., Mosca, M., Tapp, A., de Wolf, R.: Private quantum channels. In: IEEE Symposium on Foundations of Computer Science (FOCS), pp. 547–553 (2000) (quant-ph/0003101)Google Scholar
  14. 14.
    Boykin, P., Roychowdhury, V.: Optimal encryption of quantum bits (quant-ph/0003059)Google Scholar
  15. 15.
    Peres, A., Wootters, W.: Optimal detection of quantum information. Phys. Rev. Lett. 66, 1119–1122 (1991)CrossRefGoogle Scholar
  16. 16.
    DiVincenzo, D., Horodecki, M., Leung, D., Smolin, J., Terhal, B.: Locking classical correlation in quantum states. Phys. Rev. Lett. 92, 67902 (2004) (quant-ph/0303088)CrossRefGoogle Scholar
  17. 17.
    Hayden, P., Leung, D., Shor, P., Winter, A.: Randomizing quantum state: constructions and applications (quant-ph/0307104)Google Scholar
  18. 18.
    Canetti, R.: Universal composable security: A new paradigm for cryptographic protocols. In: Proceedings of the 42nd IEEE Symposium on Foundations of Computer Science (FOCS), pp. 136–145. IEEE, Los Alamitos (2001)Google Scholar
  19. 19.
    Ben-Or, M., Mayers, D.: Composability theorem. Part I of presentation by D. Mayers, QIP 2003, MSRI, Berkeley, See
  20. 20.
    Ben-Or, M., Mayers, D.: Composing quantum and classical protocols (quant-ph/0409062)Google Scholar
  21. 21.
    Backes, M., Pfitzmann, B., Waidner, M.: A general composition theorem for secure reactive systems. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 336–354. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  22. 22.
    Unruh, D.: Relating formal security for classical and quantum protocols. Presentation at the Special week on Quantum crytography, Isaac Newton Institute for Mathematical Sciecnes (September 2004), Available at
  23. 23.
    Unruh, D.: Simulation security for quantum protocols (quant-ph/0409125)Google Scholar
  24. 24.
    Ben-Or, M., Horodecki, M., Leung, D., Mayers, D., Oppenheim, J.: Composability of QKD. Part II of presentation by D. Mayers, QIP 2003, MSRI, Berkeley, See
  25. 25.
    Ben-Or, M., Horodecki, M., Leung, D., Mayers, D., Oppenheim, J.: Composability of quantum proocols - applications to quantum key distribution and quantum authentication. Part II of presentation by D. Leung, QIP 2004, IQC, University of Waterloo, See
  26. 26.
    Renner, R., Konig: Universally composable privacy amplification against quantum adversaries (quant-ph/0403133)Google Scholar
  27. 27.
    Christandl, M., Renner, R., Ekert, A.: A generic security proof for quantum key distribution (quant-ph/0402131)Google Scholar
  28. 28.
    Nielsen, M., Chuang, I.: Quantum computation and quantum information. Cambridge University Press, Cambridge (2000)zbMATHGoogle Scholar
  29. 29.
    Wegman, M., Carter, J.: New hash functions and their use in authentication and set equality. Journal of Computer and System Sciences 22, 265–279 (1981)zbMATHCrossRefMathSciNetGoogle Scholar
  30. 30.
    Bruss, D.: Optimal eavesdropping in quantum cryptography with six states. Phys. Rev. Lett. 81, 3018–3021 (1998)CrossRefGoogle Scholar
  31. 31.
    Bechmann-Pasquinucci, H., Gisin, N.: Incoherent and coherent eavesdropping in the 6-state protocol of quantum cryptography (quant-ph/9807041)Google Scholar
  32. 32.
    Deutsch, D., Ekert, A., Jozsa, R., Macchiavello, C., Popescu, S., Sanpera, A.: Quantum privacy amplification and the security of quantum cryptography over noisy channels. Phys. Rev. Lett. 77, 2818 (1996) (quant-ph/9604039)CrossRefGoogle Scholar
  33. 33.
    Cover, T., Thomas, J.: Elements of Information Theory. John Wiley and Sons, New York (1991)zbMATHCrossRefGoogle Scholar
  34. 34.
    Yao, A.: Quantum circuit complexity. In: Proc. of the 34th Ann. IEEE Symp. on Foundations of Computer Science, pp. 352–361 (1993)Google Scholar
  35. 35.
    Aharonov, D., Kitaev, A., Nisan, N.: Quantum circuits with mixed states (quant-ph/9806029)Google Scholar
  36. 36.
    An acyclic circuit is a partially ordered set of gates. However, associating the circuit with constraints on the timing of the adversarial attack is a delicate issue. Suppose the circuit contains conditional gates controlled by random public classical registers. The gates on the target may or may not be applied depending on the values of the control registers. When the gates are not applied, the associated time-constraints of the adversarial attack disappear. In: the extension to the usual acyclic circuit model, we consider all possible values of the control registers and the resulting sets of nontrivial partially ordered operations, and the corresponding constraints on the adversarial attackGoogle Scholar
  37. 37.
    Hayden, P., Leung, D., Mayers, D.: On the composability of quantum message authentication and key recyclingGoogle Scholar
  38. 38.
    Ben-Or, M., Horodecki, M., Leung, D., Mayers, D., Oppenheim, J.: The universal composable security of quantum key distribution (quant-ph/0409078)Google Scholar
  39. 39.
    Holevo, A.: Information-theoretical aspects of quantum measurement. Problemy Peredachi Informatsii 9(2), 31–42 (1973); Kholevo, A.S.: Problems of Information Transmission 9, 110–118 (1973)zbMATHMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Michael Ben-Or
    • 1
    • 4
    • 6
  • Michał Horodecki
    • 2
    • 6
  • Debbie W. Leung
    • 3
    • 4
    • 6
  • Dominic Mayers
    • 3
    • 4
  • Jonathan Oppenheim
    • 1
    • 5
    • 6
  1. 1.Institute of Computer ScienceThe Hebrew UniversityJerusalemIsrael
  2. 2.Institute of Theoretical Physics and AstrophysicsUniversity of GdańskPoland
  3. 3.Institute of Quantum InformationCalifornia Institute of TechnologyPasadenaUSA
  4. 4.Mathematical Science Research InstituteBerkeleyUSA
  5. 5.DAMTPUniversity of CambridgeCambridgeUK
  6. 6.Isaac Newton InstituteUniversity of CambridgeCambridgeUK

Personalised recommendations