Asymptotically tight security analysis of quantum key distribution based on universal source compression

Masato Koashi; Shinichiro Yamano; Takaya Matsuura; Toshihiko Sasaki; Yui Kuramochi

arxiv: 2504.07356 · v2 · pith:IFOTZHR4new · submitted 2025-04-10 · 🪐 quant-ph

Asymptotically tight security analysis of quantum key distribution based on universal source compression

Takaya Matsuura , Shinichiro Yamano , Yui Kuramochi , Toshihiko Sasaki , Masato Koashi This is my paper

Pith reviewed 2026-05-22 21:13 UTC · model grok-4.3

classification 🪐 quant-ph

keywords quantum key distributionphase error correctionuniversal source compressionRényi entropypermutation symmetryfinite-size securitycollective attacksconvex optimization

0 comments

The pith

A virtual protocol using universal source compression with quantum side information enables asymptotically tight security proofs for permutation-symmetric quantum key distribution.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper shows that conventional phase error correction in QKD cannot reach the asymptotically optimal key rate when failure probability is estimated from the phase error rate. By constructing a virtual protocol based on universal source compression with quantum side information for fixed-length i.i.d. cases and extending it to adaptive lengths under joint random variable restrictions, the authors tightly bound the failure probability of phase error correction. Combined with reduction to collective attacks, this reduces the security of any permutation-symmetrizable QKD protocol to estimating one conditional Rényi entropy, which is solved by convex optimization. A sympathetic reader would care because this closes the gap between finite-size security proofs and the theoretical limit, allowing practical protocols to claim higher key rates without sacrificing rigor.

Core claim

The security of any permutation-symmetrizable QKD protocol reduces to the estimation problem of a single conditional Rényi entropy via a virtual universal source compression protocol with quantum side information, which tightly evaluates the phase error correction failure probability and yields asymptotically optimal key rates when combined with the collective-attack reduction.

What carries the argument

Virtual protocol of universal source compression with quantum side information, first built for fixed-length i.i.d. setups and extended to adaptive-length setups while preserving restrictions from joint random variables.

If this is right

Finite-size security proofs for permutation-symmetric protocols now achieve the same asymptotic key rate as the ideal collective-attack analysis.
The failure probability of phase error correction receives a tight bound instead of a loose estimate based on the phase error rate.
Security analysis for any permutation-symmetrizable protocol collapses to a single convex optimization problem over conditional Rényi entropy.
Adaptive-length protocols can be handled without losing the asymptotic tightness property.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

The same compression technique might be adapted to analyze protocols that are only approximately symmetric after suitable post-processing.
Numerical solvers for the convex optimization could be integrated into existing QKD security libraries to produce tighter finite-size bounds in practice.
If the joint-random-variable restrictions can be relaxed, the method might apply to a broader class of adaptive QKD setups beyond those considered here.

Load-bearing premise

The QKD protocol must be permutation-symmetric or symmetrizable, and the virtual compression protocol must extend to adaptive lengths while keeping the necessary restrictions on possible states from joint random variables.

What would settle it

For a concrete permutation-symmetric protocol such as BB84, compute the key rate from the new convex optimization of conditional Rényi entropy and check whether it approaches the known asymptotic Devetak-Winter bound as the block size tends to infinity; any persistent gap would falsify the tightness claim.

Figures

Figures reproduced from arXiv: 2504.07356 by Masato Koashi, Shinichiro Yamano, Takaya Matsuura, Toshihiko Sasaki, Yui Kuramochi.

**Figure 2.** Figure 2: The schematics of how the phase error correction (PEC) protocol works in the [PITH_FULL_IMAGE:figures/full_fig_p016_2.png] view at source ↗

**Figure 3.** Figure 3: Comparison of the key rates with the conventional PEC-type analysis and our [PITH_FULL_IMAGE:figures/full_fig_p032_3.png] view at source ↗

read the original abstract

Practical quantum key distribution (QKD) protocols require a finite-size security proof. The phase error correction (PEC) approach is one of the general strategies for security analyses that has successfully proved finite-size security for many protocols. However, the conventional PEC approach cannot achieve the asymptotically optimal key rate in general, as long as the failure probability of PEC is estimated through the phase error rate. In this work, we propose a new PEC-type strategy that can provably achieve the asymptotically optimal key rate. The key piece for this is a virtual protocol based on universal source compression with quantum side information, which is of independent interest. A universal source compression with quantum side information protocol is first constructed for fixed-length independent and identically distributed (i.i.d.)~setups and then extended to adaptive-length setups with the restrictions on possible states imposed by joint random variables. Combined with the reduction method to collective attacks, this enables us to tightly evaluate the failure probability of PEC for permutation-symmetric QKD protocols, and thus leads to asymptotically tight analyses. As a result, the security of any permutation-symmetrizable QKD protocol gets reduced to the estimation problem of a single conditional R\'enyi entropy, which can be efficiently solved by a convex optimization.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

The paper gives a new virtual protocol using universal source compression to reach asymptotically tight PEC bounds for symmetric QKD, reducing security to one Rényi entropy estimate, though the adaptive extension is the part that needs checking.

read the letter

This paper's core move is to build a virtual protocol from universal source compression with quantum side information, first for fixed i.i.d. cases and then extended to adaptive lengths under joint random variable restrictions. Combined with the collective-attack reduction, it lets them bound PEC failure probability tightly enough to hit the asymptotic key rate for permutation-symmetric protocols, and it collapses the whole security argument to estimating one conditional Rényi entropy via convex optimization. That reduction is the part that actually looks new relative to earlier PEC work. They also flag the virtual protocol as independently interesting, which seems fair given how it sidesteps the usual phase-error-rate looseness. The abstract is direct about the steps and the target class of protocols. The main soft spot is exactly the one the stress test raises: whether the adaptive-length extension keeps the joint-variable restrictions intact so the failure bound stays asymptotically tight. If extra correlations creep in, the o(1) terms could loosen and the claim would not hold. The paper is limited to permutation-symmetrizable protocols, but that is already a standard restriction rather than a new flaw. This is for people doing finite-size QKD proofs who want tighter practical bounds. A reader focused on convex-optimization reductions or virtual-protocol techniques would get concrete value. It deserves a serious referee because the logic is coherent on its face and the result, if the extension works, would be useful. I would send it to review.

Referee Report

2 major / 2 minor

Summary. The manuscript proposes a new phase-error-correction (PEC) strategy for finite-size security proofs of permutation-symmetric (or symmetrizable) QKD protocols. It constructs a virtual protocol based on universal source compression with quantum side information, first for fixed-length i.i.d. states and then extended to adaptive-length setups under joint-random-variable restrictions, and combines this with the collective-attack reduction to show that the PEC failure probability can be tightly bounded by a single conditional Rényi entropy that is computable via convex optimization, thereby achieving asymptotically optimal key rates.

Significance. If the central reduction holds, the work supplies a general, computationally tractable route to asymptotically tight finite-size analyses for a wide class of QKD protocols, removing the sub-optimality that arises when PEC failure is bounded only through the phase-error rate. The virtual compression protocol itself may be of independent interest for other quantum information tasks involving side information.

major comments (2)

[adaptive-length extension (post-fixed-length construction)] The extension of the universal source compression protocol from fixed-length i.i.d. to adaptive-length setups (described after the fixed-length construction) must preserve the joint-random-variable restrictions that underwrite the tight PEC failure bound. The skeptic note correctly identifies that any relaxation of these restrictions under adaptivity could introduce additional correlations that loosen the o(1) terms, undermining the claim that the failure probability remains asymptotically tight and that the security analysis reduces to a single convex optimization.
[reduction to collective attacks combined with adaptive extension] The reduction to collective attacks is invoked to evaluate the PEC failure probability, yet the manuscript does not explicitly verify that the adaptive-length virtual protocol still satisfies the state restrictions required for the collective-attack reduction to remain valid without additional error terms that would prevent asymptotic tightness.

minor comments (2)

Clarify the precise relationship between “permutation-symmetric” (title) and “permutation-symmetrizable” (abstract) and state whether the convex-optimization reduction applies to both classes with identical tightness.
The abstract states that the conditional Rényi entropy estimation “can be efficiently solved by a convex optimization,” but no explicit statement of the optimization problem (variables, objective, constraints) appears in the provided summary; include the formulation in the main text.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the thorough review and for highlighting the need for explicit verification in the adaptive-length extension. We address each major comment below. Clarifications will be added to the manuscript to strengthen the presentation without altering the core claims.

read point-by-point responses

Referee: [adaptive-length extension (post-fixed-length construction)] The extension of the universal source compression protocol from fixed-length i.i.d. to adaptive-length setups (described after the fixed-length construction) must preserve the joint-random-variable restrictions that underwrite the tight PEC failure bound. The skeptic note correctly identifies that any relaxation of these restrictions under adaptivity could introduce additional correlations that loosen the o(1) terms, undermining the claim that the failure probability remains asymptotically tight and that the security analysis reduces to a single convex optimization.

Authors: The adaptive-length extension is constructed precisely by imposing the same joint-random-variable restrictions on the possible states as in the fixed-length i.i.d. case. This is done by defining the virtual protocol such that the compression maps respect the joint distribution constraints at each step, preventing the introduction of extraneous correlations. Consequently, the o(1) terms in the PEC failure probability bound remain unaffected, preserving asymptotic tightness and the reduction to a single conditional Rényi entropy. We will add an explicit verification paragraph immediately after the adaptive-length construction, including a short argument showing why the restrictions are inherited without relaxation. revision: partial
Referee: [reduction to collective attacks combined with adaptive extension] The reduction to collective attacks is invoked to evaluate the PEC failure probability, yet the manuscript does not explicitly verify that the adaptive-length virtual protocol still satisfies the state restrictions required for the collective-attack reduction to remain valid without additional error terms that would prevent asymptotic tightness.

Authors: The collective-attack reduction is applied to the output of the virtual protocol, and the joint-random-variable restrictions ensure that the resulting states remain permutation-symmetric and within the class for which the reduction holds exactly (i.e., without extra error terms). The adaptive construction does not alter the symmetry properties or introduce states outside this class. We will insert a dedicated verification subsection that explicitly confirms compatibility between the adaptive virtual protocol and the collective-attack reduction, demonstrating that the failure-probability bound stays asymptotically tight. revision: partial

Circularity Check

0 steps flagged

No circularity: derivation relies on explicit construction and standard information-theoretic reductions

full rationale

The paper explicitly constructs a virtual protocol for universal source compression with quantum side information first in the fixed-length i.i.d. case, then extends it to adaptive-length setups while preserving joint-random-variable restrictions on states. This construction is combined with an existing reduction to collective attacks to bound PEC failure probability. The final reduction of protocol security to estimation of one conditional Rényi entropy (solved by convex optimization) follows directly from these steps and standard entropy properties; it does not redefine any quantity in terms of itself, rename a fitted parameter as a prediction, or rest on a load-bearing self-citation whose validity is assumed without external verification. The derivation chain is therefore self-contained against external benchmarks and contains no steps that reduce by construction to the paper's own inputs.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The central claim rests on standard properties of Rényi entropies and source coding theorems with quantum side information, plus the assumption that permutation symmetry allows reduction to collective attacks. No free parameters or invented entities are introduced in the abstract.

axioms (2)

standard math Properties of conditional Rényi entropy and universal source compression with quantum side information hold for the relevant quantum states.
Invoked in the construction of the virtual protocol and its extension to adaptive lengths.
domain assumption Permutation-symmetric protocols can be reduced to collective attacks for security analysis.
Used to enable tight evaluation of PEC failure probability.

pith-pipeline@v0.9.0 · 5767 in / 1417 out tokens · 25489 ms · 2026-05-22T21:13:48.012080+00:00 · methodology

discussion (0)

Forward citations

Cited by 2 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

Universal quantum resource distillation via composite generalised quantum Stein's lemma
quant-ph 2026-05 unverdicted novelty 7.0

Optimal universal distillation rates for quantum resources are achieved without any knowledge of the input state via a composite extension of the generalised quantum Stein's lemma.
Rigorous Security Proofs for Practical Quantum Key Distribution
quant-ph 2026-04 unverdicted novelty 7.0

Rigorous security proofs for variable-length QKD, phase-error bounding with imperfect detectors, marginal-constrained entropy accumulation, and authentication reductions place practical QKD on firmer mathematical ground.

Reference graph

Works this paper leans on

80 extracted references · 80 canonical work pages · cited by 2 Pith papers · 1 internal anchor

[1]

Depending on the key extraction, test, or trash, Bob may change measurement bases

Alice generates a random alphabet ˆ a ∈ X A, prepares the state |ψˆa⟩ ˜B, sends it to Bob, and Bob performs a measurement to obtain an outcome. Depending on the key extraction, test, or trash, Bob may change measurement bases. Alice and Bob repeat this quantum communication ntot times. 15

work page
[2]

key extraction

(Sifting) Alice or Bob announces the label “key extraction”, “test”, or “trash” for each round, the success/failure of the filtering (i.e., post-selection) for each key-extraction round, and the value of the random variable obtained in the test rounds, which is denoted by ˆΞtest. Then, they perform the sifting XA → X A′ and obtain ˆnsift-bit sifted keys ˆ...

work page
[3]

(Information reconciliation) Depending on the bit error rate of the channel, Alice sends Bob a ˆKEC-bit syndrome by consuming ˆKEC-bit of preshared secret key, and Bob performs the bit error correction on his sifted key ˆksift B according to the sent syndrome to obtain a reconciled key ˆkrec B

work page
[4]

(Privacy amplification) Alice and Bob determine the embedding XA′ ,→ X , where |X | is a prime power. Alice randomly chooses a hash function ˆH from the dual 2-universal family Hd(ˆnsift, ˆΞtest) of surjective linear hash functions with the field F|X | and acts it on her sifted key to obtain the final key ˆkfin A := ˆksift A ˆH of the length ˆnfin, where ...

work page
[5]

Alice and Bob repeat this quantum communication ntot times

Alice prepares an entangled state |Ψ⟩A ˜B :=P a∈XA |XA|−1/2 |a⟩A |ψa⟩ ˜B, sends the system ˜B to Bob, and Bob keeps the received quantum system B. Alice and Bob repeat this quantum communication ntot times

work page
[6]

key extraction

(Sifting) Alice or Bob announces the label “key extraction”, “test”, or “trash” for each round. For the rounds in which “test” is chosen, Alice performs the Z-basis measurement on her system A and Bob performs the same measurement as that in the actual protocol to obtain the random variable ˆΞtest. For the rounds in which “trash” is chosen, Alice measures...

work page
[7]

(Information reconciliation) Alice sends Bob a ˆKEC-bit random bits

work page
[8]

(Privacy amplification) Alice defines the ˆ nsift-qudit system K ˆnsift with dim HK = |X | by performing an isometry C⊗ˆnsift A′→KA′, where CA′→KA′ is defined as CA′→KA′ := X z∈XA′ |z⟩K |z⟩⟨z|A′ . (76) (Note that the bases of the systems A′ and K are related by the embedding XA′ ,→ X determined in the actual protocol.) For the dual 2-universal family Hd(ˆ...

work page 1992
[9]

For each of the ntot communication rounds, Alice generates a random bit ˆ a and sends the state |ψˆa⟩ to Bob. Bob performs a measurement with a POVM{|ψ⊥ 1 ⟩⟨ψ⊥ 1 | /2, |ψ⊥ 0 ⟩⟨ψ⊥ 0 | /2, I− |ψ⊥ 0 ⟩⟨ψ⊥ 0 | /2 − | ψ⊥ 1 ⟩⟨ψ⊥ 1 | /2} and obtains an outcome 0, 1, or failure, respectively, where |ψ⊥ a ⟩ := α |e0⟩ − (−1)aβ |e1⟩. The round in which Bob’s measurem...

work page
[10]

extr”, “test

Alice randomly determines which communication round is used as key extraction, test, or trash, and announces it. Depending on the announced label “extr”, “test”, or “trash”, where “extr” is a shorthand of key extraction, Alice and Bob perform one of the following operations. (extr) Bob announces which rounds are “success”. Alice and Bob keep the bit value...

work page
[11]

Depending on the estimated bit error rate, Alice sends Bob the ˆKEC-bit syndrome information

(Information reconciliation) From the numbers ˆ nsift, ˆnsuc, and ˆnerr, Alice estimates the bit error rate. Depending on the estimated bit error rate, Alice sends Bob the ˆKEC-bit syndrome information. Bob performs a bit-error correction accordingly and obtains a reconciled key

work page
[12]

Alice performs the hash function ˆH randomly chosen from the dual 2-universal family of surjective linear hash functions and obtains the final key

(Privacy amplification) From the numbers ˆnsift, ˆnsuc, and ˆnerr, Alice determines the length ˆnfin of the final key and thus the amount of privacy amplification. Alice performs the hash function ˆH randomly chosen from the dual 2-universal family of surjective linear hash functions and obtains the final key. Alice sends ˆH to Bob, and Bob performs it on...

work page
[13]

Bob performs a filtering operation F(ρ) = X i=0,1 FiρF † i , (127) where Fi := |i⟩⟨ψ⊥ i⊕1|B / √ 2 with a binary summation ⊕

For each of the ntot communication rounds, Alice generates a stateP a∈{0,1} 2−1/2 |a⟩A |ψa⟩ ˜B and keeps the system A while sending the system ˜B to Bob. Bob performs a filtering operation F(ρ) = X i=0,1 FiρF † i , (127) where Fi := |i⟩⟨ψ⊥ i⊕1|B / √ 2 with a binary summation ⊕. The map F here is the CP map, and the unfiltered event is regarded as a failur...

work page
[14]

extr”, “test

Alice randomly determines which communication round is used as key extraction, test, or trash, and announces it. Depending on the announced label “extr”, “test”, or “trash”, where “extr” is a shorthand of key extraction, Alice and Bob perform one of the following operations. (extr) Bob announces which rounds are “success”. Alice and Bob keep their qubits ...

work page
[15]

Depending on the estimated bit error rate, Alice sends Bob a ˆKEC-bit random bits

From the numbers ˆnsift, ˆnsuc, and ˆnerr, Alice estimates the bit error rate. Depending on the estimated bit error rate, Alice sends Bob a ˆKEC-bit random bits

work page
[16]

1 n nX i=1 ˆXi ≤ p # ≤ 2−nD(p∥Tr[ρM]). (137) Since the binary relative entropy D(p∥q) is monotone increasing for q when q > p with a fixed p, we have Pr ˆXi∼{Tr[ρ(1−M)],Tr[ρM]}

From the numbers ˆ nsift, ˆnsuc, and ˆnerr, Alice determines the length ˆ nfin of the final key. Alice acts the unitary U( ˆH) on her sifted-key qubits and measures the last ˆnsift − ˆnfin qubits in the X bases, where ˆH is randomly chosen from the dual 2-universal family of surjective linear hash functions. Depending on the measurement outcomes as well a...

work page
[17]

& Chau, H

Lo, H.-K. & Chau, H. F. Unconditional Security of Quantum Key Distribution over Arbitrarily Long Distances. Science 283, 2050–2056 (1999). URL https://www.science.org/doi/abs/10.1126/ science.283.5410.2050

work page arXiv 2050
[18]

Shor, P. W. & Preskill, J. Simple Proof of Security of the BB84 Quantum Key Distribution Protocol. Phys. Rev. Lett. 85, 441–444 (2000). URL https://link.aps.org/doi/10.1103/PhysRevLett.85. 441

work page doi:10.1103/physrevlett.85 2000
[19]

Simple security proof of quantum key distribution based on complementarity

Koashi, M. Simple security proof of quantum key distribution based on complementarity. New Journal of Physics 11, 045018 (2009). URL https://dx.doi.org/10.1088/1367-2630/11/4/045018

work page doi:10.1088/1367-2630/11/4/045018 2009
[20]

Bennett, C. H. & Brassard, G. Quantum cryptography: Public key distribution and coin tossing. Theoretical Computer Science 560, 7–11 (2014). URL https://www.sciencedirect.com/science/ article/pii/S0304397514004241. Theoretical Aspects of Quantum Cryptography - celebrating 30 years of BB84

work page 2014
[21]

Proof of unconditional security of six-state quantum key distribution scheme

Lo, H.-K. Proof of unconditional security of six-state quantum key distribution scheme. Quantum Information and Computation 1, 81–94 (2001). URL https://cir.nii.ac.jp/crid/ 1360294721891177984

work page 2001
[22]

& Imoto, N

Tamaki, K., Koashi, M. & Imoto, N. Unconditionally Secure Key Distribution Based on Two Nonorthogonal States. Phys. Rev. Lett. 90, 167904 (2003). URL https://link.aps.org/doi/10. 1103/PhysRevLett.90.167904

work page 2003
[23]

& Renes, J

Boileau, J.-C., Tamaki, K., Batuwantudawe, J., Laflamme, R. & Renes, J. M. Unconditional Security of a Three State Quantum Key Distribution Protocol. Phys. Rev. Lett. 94, 040503 (2005). URL https://link.aps.org/doi/10.1103/PhysRevLett.94.040503

work page doi:10.1103/physrevlett.94.040503 2005
[25]

SECURITY OF QUANTUM KEY DISTRIBUTION

RENNER, R. SECURITY OF QUANTUM KEY DISTRIBUTION. International Journal of Quantum Information 06, 1–127 (2008). URL https://doi.org/10.1142/S0219749908003256

work page doi:10.1142/s0219749908003256 2008
[26]

& Renner, R

Tomamichel, M., Schaffner, C., Smith, A. & Renner, R. Leftover Hashing Against Quantum Side Information. IEEE Transactions on Information Theory 57, 5524–5535 (2011)

work page 2011
[27]

Department of Combinatorics, U., Optimization & of Waterloo

Stinson, D., of Waterloo. Department of Combinatorics, U., Optimization & of Waterloo. Faculty of Mathematics, U. Universal Hash Families and the Leftover Hash Lemma, and Applications to Cryp- tography and Computing . Research report (University of Waterloo. Faculty of Mathematics) (Fac- ulty of Mathematics, University of Waterloo, 2001). URL https://book...

work page 2001
[28]

& Winter, A

Devetak, I. & Winter, A. Distillation of secret key and entanglement from quantum states. Proceedings of the Royal Society A: Mathematical, Physical and Engineering Sciences 461, 207–235 (2005). URL https://royalsocietypublishing.org/doi/abs/10.1098/rspa.2004.1372. https://royalsocietypublishing.org/doi/pdf/10.1098/rspa.2004.1372

work page doi:10.1098/rspa.2004.1372 2005
[29]

Physical Review A33(5), 2913–2927 (1986)

Furrer, F. Reverse-reconciliation continuous-variable quantum key distribution based on the uncertainty principle. Phys. Rev. A 90, 042325 (2014). URL https://link.aps.org/doi/10.1103/PhysRevA. 90.042325

work page doi:10.1103/physreva 2014
[30]

Leftover Hashing From Quantum Error Correction: Unifying the Two Approaches to the Security Proof of Quantum Key Distribution

Tsurumaru, T. Leftover Hashing From Quantum Error Correction: Unifying the Two Approaches to the Security Proof of Quantum Key Distribution. IEEE Transactions on Information Theory 66, 3465–3484 (2020)

work page 2020
[31]

Equivalence of Three Classical Algorithms With Quantum Side Information: Privacy Amplification, Error Correction, and Data Compression

Tsurumaru, T. Equivalence of Three Classical Algorithms With Quantum Side Information: Privacy Amplification, Error Correction, and Data Compression. IEEE Transactions on Information Theory 68, 1016–1031 (2022)

work page 2022
[32]

& Winter, A

Devetak, I. & Winter, A. Classical data compression with quantum side information. Phys. Rev. A 68, 042301 (2003). URL https://link.aps.org/doi/10.1103/PhysRevA.68.042301

work page doi:10.1103/physreva.68.042301 2003
[33]

Renes, J. M. Duality of privacy amplification against quantum adversaries and data compression with 37 quantum side information. Proceedings of the Royal Society A: Mathematical, Physical and Engineering Sciences 467, 1604–1623 (2010). URL https://royalsocietypublishing.org/doi/10.1098/rspa. 2010.0445. Publisher: Royal Society

work page doi:10.1098/rspa 2010
[34]

Renes, J. M. & Renner, R. One-Shot Classical Data Compression With Quantum Side Information and the Distillation of Common Randomness or Secret Keys. IEEE Transactions on Information Theory 58, 1985–1991 (2012)

work page 1985
[35]

P., Datta, N

Cheng, H.-C., Hanson, E. P., Datta, N. & Hsieh, M.-H. Non-Asymptotic Classical Data Compression With Quantum Side Information. IEEE Transactions on Information Theory 67, 902–930 (2021)

work page 2021
[36]

Renes, J. M. Achievable error exponents of data compression with quantum side information and com- munication over symmetric classical-quantum channels. In 2023 IEEE Information Theory Workshop (ITW), 170–174 (2023)

work page 2023
[37]

J., Colbeck, R., Yu, L

Coles, P. J., Colbeck, R., Yu, L. & Zwolak, M. Uncertainty Relations from Simple Entropic Properties. Phys. Rev. Lett. 108, 210405 (2012). URL https://link.aps.org/doi/10.1103/PhysRevLett.108. 210405

work page doi:10.1103/physrevlett.108 2012
[38]

Electro nic transport in two-dimensional graphene

Coles, P. J., Berta, M., Tomamichel, M. & Wehner, S. Entropic uncertainty relations and their applica- tions. Rev. Mod. Phys. 89, 015002 (2017). URL https://link.aps.org/doi/10.1103/RevModPhys. 89.015002

work page doi:10.1103/revmodphys 2017
[39]

& Zurek, W

Ollivier, H. & Zurek, W. H. Quantum Discord: A Measure of the Quantumness of Correlations. Phys. Rev. Lett. 88, 017901 (2001). URL https://link.aps.org/doi/10.1103/PhysRevLett.88.017901

work page doi:10.1103/physrevlett.88.017901 2001
[40]

Postselection Technique for Quantum Channels with Applications to Quantum Cryptography

Christandl, M., K¨ onig, R. & Renner, R. Postselection Technique for Quantum Channels with Applica- tions to Quantum Cryptography. Phys. Rev. Lett. 102, 020504 (2009). URL https://link.aps.org/ doi/10.1103/PhysRevLett.102.020504

work page doi:10.1103/physrevlett.102.020504 2009
[41]

& Renner, R

Fawzi, O. & Renner, R. Quantum Conditional Mutual Information and Approximate Markov Chains. Communications in Mathematical Physics 340, 575–611 (2015). URL https://doi.org/10.1007/ s00220-015-2466-x

work page 2015
[42]

& Koashi, M

Matsuura, T., Yamano, S., Kuramochi, Y., Sasaki, T. & Koashi, M. Tight concentration inequalities for quantum adversarial setups exploiting permutation symmetry. Quantum 8, 1540 (2024). URL https://doi.org/10.22331/q-2024-11-27-1540

work page doi:10.22331/q-2024-11-27-1540 2024
[43]

& Tan, E

Nahar, S., Tupkary, D., Zhao, Y., L¨ utkenhaus, N. & Tan, E. Y.-Z. Postselection Technique for Optical Quantum Key Distribution with Improved de Finetti Reductions. PRX Quantum 5, 040315 (2024). URL https://link.aps.org/doi/10.1103/PRXQuantum.5.040315

work page doi:10.1103/prxquantum.5.040315 2024
[44]

Bennett, C. H. Quantum cryptography using any two nonorthogonal states. Phys. Rev. Lett. 68, 3121–3124 (1992). URL https://link.aps.org/doi/10.1103/PhysRevLett.68.3121

work page doi:10.1103/physrevlett.68.3121 1992
[45]

Duality between source coding with quantum side information and c-q channel coding

Cheng, H.-C., Hanson, E. P., Datta, N. & Hsieh, M.-H. Duality between source coding with quantum side information and c-q channel coding (2018). 1809.11143

work page internal anchor Pith review Pith/arXiv arXiv 2018
[46]

Universal Coding for Classical-Quantum Channel

Hayashi, M. Universal Coding for Classical-Quantum Channel. Communications in Mathematical Physics 289, 1087–1098 (2009). URL https://doi.org/10.1007/s00220-009-0825-1

work page doi:10.1007/s00220-009-0825-1 2009
[47]

& Tomamichel, M

Beigi, S. & Tomamichel, M. Lower Bounds on Error Exponents via a New Quantum Decoder (2023). URL https://arxiv.org/abs/2310.09014. 2310.09014

work page arXiv 2023
[48]

& Ogawa, T

Mosonyi, M. & Ogawa, T. Strong Converse Exponent for Classical-Quantum Channel Coding. Communications in Mathematical Physics 355, 373–426 (2017). URL https://doi.org/10.1007/ s00220-017-2928-4

work page 2017
[49]

A Group Theoretic Approach to Quantum Information (Springer International Publishing, Cham, 2017)

Hayashi, M. A Group Theoretic Approach to Quantum Information (Springer International Publishing, Cham, 2017). URL http://link.springer.com/10.1007/978-3-319-45241-8

work page doi:10.1007/978-3-319-45241-8 2017
[50]

& NAUENBERG, M

ITZYKSON, C. & NAUENBERG, M. Unitary Groups: Representations and Decompositions. Rev. Mod. Phys. 38, 95–120 (1966). URL https://link.aps.org/doi/10.1103/RevModPhys.38.95

work page doi:10.1103/revmodphys.38.95 1966
[51]

& Hiai, F

Mosonyi, M. & Hiai, F. On the Quantum R´ enyi Relative Entropies and Related Capacity Formulas. IEEE Transactions on Information Theory 57, 2474–2487 (2011)

work page 2011
[52]

& Wehner, S

K¨ onig, R. & Wehner, S. A Strong Converse for Classical Channel Coding Using Entangled Inputs. Phys. Rev. Lett. 103, 070504 (2009). URL https://link.aps.org/doi/10.1103/PhysRevLett.103. 070504

work page doi:10.1103/physrevlett.103 2009
[53]

Physical Review Letters 85(10), 2200–2203 (2000)

Sharma, N. & Warsi, N. A. Fundamental Bound on the Reliability of Quantum Information Transmis- sion. Phys. Rev. Lett. 110, 080501 (2013). URL https://link.aps.org/doi/10.1103/PhysRevLett. 110.080501

work page doi:10.1103/physrevlett 2013
[54]

& Hsieh, M.-H

Cheng, H.-C., Gao, L. & Hsieh, M.-H. Properties of Noncommutative R´ enyi and Augustin Information. 38 Communications in Mathematical Physics 390, 501–544 (2022). URL https://doi.org/10.1007/ s00220-022-04319-8

work page 2022
[55]

The Generalized Stochastic Likelihood Decoder: Random Coding and Expurgated Bounds

Merhav, N. The Generalized Stochastic Likelihood Decoder: Random Coding and Expurgated Bounds. IEEE Transactions on Information Theory 63, 5039–5051 (2017)

work page 2017
[56]

Renes, J. M. Tight lower bound on the error exponent of classical-quantum channels (2024). URL https://arxiv.org/abs/2407.11118. 2407.11118

work page arXiv 2024
[57]

& Hayashi, M

Tomamichel, M. & Hayashi, M. A Hierarchy of Information Quantities for Finite Block Length Analysis of Quantum Tasks. IEEE Transactions on Information Theory 59, 7693–7710 (2013)

work page 2013
[58]

& Hayashi, M

Tsurumaru, T. & Hayashi, M. Dual Universality of Hash Functions and Its Applications to Quantum Cryptography. IEEE Transactions on Information Theory 59, 4700–4717 (2013)

work page 2013
[59]

Durt, B.-G

DURT, T., ENGLERT, B.-G., BENGTSSON, I. & ˙ZYCZKOWSKI, K. ON MUTUALLY UNBIASED BASES. International Journal of Quantum Information 08, 535–640 (2010). URL https://doi.org/ 10.1142/S0219749910006502. https://doi.org/10.1142/S0219749910006502

work page doi:10.1142/s0219749910006502 2010
[60]

& Renner, R

M¨ uller-Quade, J. & Renner, R. Composability in quantum cryptography. New Journal of Physics 11, 085006 (2009). URL https://dx.doi.org/10.1088/1367-2630/11/8/085006

work page doi:10.1088/1367-2630/11/8/085006 2009
[61]

Digital Quantum Information Processing with Continuous-Variable Systems (Springer Nature, 2023)

Matsuura, T. Digital Quantum Information Processing with Continuous-Variable Systems (Springer Nature, 2023). URL https://doi.org/10.1007/978-981-19-8288-0

work page doi:10.1007/978-981-19-8288-0 2023
[62]

& Tsurumaru, T

Hayashi, M. & Tsurumaru, T. More Efficient Privacy Amplification With Less Random Seeds via Dual Universal Hash Function. IEEE Transactions on Information Theory 62, 2213–2232 (2016)

work page 2016
[63]

& Koashi, M

Zhou, H., Sasaki, T. & Koashi, M. Numerical method for finite-size security analysis of quantum key distribution. Phys. Rev. Res. 4, 033126 (2022). URL https://link.aps.org/doi/10.1103/ PhysRevResearch.4.033126

work page 2022
[64]

Lin, S. M. & Tomamichel, M. Investigating properties of a family of quantum R´ enyi diver- gences. Quantum Information Processing 14, 1501–1512 (2015). URL https://doi.org/10.1007/ s11128-015-0935-y

work page 2015
[65]

& Hayashi, M

Tomamichel, M., Berta, M. & Hayashi, M. Relating different quantum generaliza- tions of the conditional R´ enyi entropy. Journal of Mathematical Physics 55, 082206 (2014). URL https://doi.org/10.1063/1.4892761. https://pubs.aip.org/aip/jmp/article- pdf/doi/10.1063/1.4892761/15618300/082206 1 online.pdf

work page doi:10.1063/1.4892761 2014
[66]

Precise Evaluation of Leaked Information with Secure Randomness Extraction in the Presence of Quantum Attacker

Hayashi, M. Precise Evaluation of Leaked Information with Secure Randomness Extraction in the Presence of Quantum Attacker. Communications in Mathematical Physics 333, 335–350 (2015). URL https://doi.org/10.1007/s00220-014-2174-y

work page doi:10.1007/s00220-014-2174-y 2015
[67]

& Koashi, M

Matsuura, T., Sasaki, T. & Koashi, M. Refined security proof of the round-robin differential-phase- shift quantum key distribution and its improved performance in the finite-sized case. Phys. Rev. A 99, 042303 (2019). URL https://link.aps.org/doi/10.1103/PhysRevA.99.042303

work page doi:10.1103/physreva.99.042303 2019
[68]

Journal of the American Statistical Association 58(301), 13–30 (1963), http://www.jstor.org/stable/2282952

Hoeffding, W. Probability Inequalities for Sums of Bounded Random Variables. Journal of the Amer- ican Statistical Association 58, 13–30 (1963). URL http://www.jstor.org/stable/2282952. Full publication date: Mar., 1963

work page arXiv 1963
[69]

& Koashi, M

Matsuura, T., Maeda, K., Sasaki, T. & Koashi, M. Finite-size security of continuous-variable quantum key distribution with digital signal processing. Nature Communications 12, 252 (2021). URL https: //doi.org/10.1038/s41467-020-19916-1

work page doi:10.1038/s41467-020-19916-1 2021
[70]

Sanov, I. N. On the probability of large deviations of random magnitudes. Mat. Sb. (N.S.) 42(84), 11–44 (1957)

work page 1957
[71]

Sanov property, generalized I-projection and a conditional limit theorem

Csisz´ ar, I. Sanov property, generalized I-projection and a conditional limit theorem. The Annals of Probability 12, 768 (1984)

work page 1984
[72]

Improved asymptotic key rate of the B92 protocol

Matsumoto, R. Improved asymptotic key rate of the B92 protocol. In 2013 IEEE International Symposium on Information Theory , 351–353 (2013)

work page 2013
[73]

& Uyematsu, T

Sasaki, H., Matsumoto, R. & Uyematsu, T. Key rate of the B92 quantum key distribution protocol with finite qubits. In 2015 IEEE International Symposium on Information Theory (ISIT) , 696–699 (2015)

work page 2015
[74]

& Boyd, S

Diamond, S. & Boyd, S. CVXPY: A Python-Embedded Modeling Language for Convex Optimization. Journal of Machine Learning Research (2016). URL https://stanford.edu/~boyd/papers/pdf/ cvxpy_paper.pdf. To appear

work page 2016
[75]

& Renner, R

Dupuis, F., Fawzi, O. & Renner, R. Entropy Accumulation. Communications in Mathematical Physics 379, 867–913 (2020). URL https://doi.org/10.1007/s00220-020-03839-5 . 39

work page doi:10.1007/s00220-020-03839-5 2020
[76]

& Renner, R

Metger, T., Fawzi, O., Sutter, D. & Renner, R. Generalised entropy accumulation. In 2022 IEEE 63rd Annual Symposium on Foundations of Computer Science (FOCS) , 844–850 (2022)

work page 2022
[77]

& Renner, R

Metger, T. & Renner, R. Security of quantum key distribution from generalised entropy accumulation. Nature Communications 14, 5272 (2023). URL https://doi.org/10.1038/s41467-023-40920-8

work page doi:10.1038/s41467-023-40920-8 2023
[78]

Arqand, A., Hahn, T. A. & Tan, E. Y. Z. Generalized R´ enyi entropy accumulation theorem and general- ized quantum probability estimation (2024). URL https://arxiv.org/abs/2405.05912. 2405.05912

work page arXiv 2024
[79]

& L¨ utkenhaus, N

George, I., Lin, J. & L¨ utkenhaus, N. Numerical calculations of the finite key rate for general quantum key distribution protocols. Phys. Rev. Res. 3, 013274 (2021). URL https://link.aps.org/doi/10. 1103/PhysRevResearch.3.013274

work page 2021
[80]

& Fawzi, O

Brown, P., Fawzi, H. & Fawzi, O. Computing conditional entropies for quantum correlations. Nature Communications 12, 575 (2021). URL https://doi.org/10.1038/s41467-020-20018-1

work page doi:10.1038/s41467-020-20018-1 2021
[81]

Matrix Analysis

Bhatia, R. Matrix Analysis. Graduate Texts in Mathematics (Springer New York, 1997)

work page 1997

[1] [1]

Depending on the key extraction, test, or trash, Bob may change measurement bases

Alice generates a random alphabet ˆ a ∈ X A, prepares the state |ψˆa⟩ ˜B, sends it to Bob, and Bob performs a measurement to obtain an outcome. Depending on the key extraction, test, or trash, Bob may change measurement bases. Alice and Bob repeat this quantum communication ntot times. 15

work page

[2] [2]

key extraction

(Sifting) Alice or Bob announces the label “key extraction”, “test”, or “trash” for each round, the success/failure of the filtering (i.e., post-selection) for each key-extraction round, and the value of the random variable obtained in the test rounds, which is denoted by ˆΞtest. Then, they perform the sifting XA → X A′ and obtain ˆnsift-bit sifted keys ˆ...

work page

[3] [3]

(Information reconciliation) Depending on the bit error rate of the channel, Alice sends Bob a ˆKEC-bit syndrome by consuming ˆKEC-bit of preshared secret key, and Bob performs the bit error correction on his sifted key ˆksift B according to the sent syndrome to obtain a reconciled key ˆkrec B

work page

[4] [4]

(Privacy amplification) Alice and Bob determine the embedding XA′ ,→ X , where |X | is a prime power. Alice randomly chooses a hash function ˆH from the dual 2-universal family Hd(ˆnsift, ˆΞtest) of surjective linear hash functions with the field F|X | and acts it on her sifted key to obtain the final key ˆkfin A := ˆksift A ˆH of the length ˆnfin, where ...

work page

[5] [5]

Alice and Bob repeat this quantum communication ntot times

Alice prepares an entangled state |Ψ⟩A ˜B :=P a∈XA |XA|−1/2 |a⟩A |ψa⟩ ˜B, sends the system ˜B to Bob, and Bob keeps the received quantum system B. Alice and Bob repeat this quantum communication ntot times

work page

[6] [6]

key extraction

(Sifting) Alice or Bob announces the label “key extraction”, “test”, or “trash” for each round. For the rounds in which “test” is chosen, Alice performs the Z-basis measurement on her system A and Bob performs the same measurement as that in the actual protocol to obtain the random variable ˆΞtest. For the rounds in which “trash” is chosen, Alice measures...

work page

[7] [7]

(Information reconciliation) Alice sends Bob a ˆKEC-bit random bits

work page

[8] [8]

(Privacy amplification) Alice defines the ˆ nsift-qudit system K ˆnsift with dim HK = |X | by performing an isometry C⊗ˆnsift A′→KA′, where CA′→KA′ is defined as CA′→KA′ := X z∈XA′ |z⟩K |z⟩⟨z|A′ . (76) (Note that the bases of the systems A′ and K are related by the embedding XA′ ,→ X determined in the actual protocol.) For the dual 2-universal family Hd(ˆ...

work page 1992

[9] [9]

For each of the ntot communication rounds, Alice generates a random bit ˆ a and sends the state |ψˆa⟩ to Bob. Bob performs a measurement with a POVM{|ψ⊥ 1 ⟩⟨ψ⊥ 1 | /2, |ψ⊥ 0 ⟩⟨ψ⊥ 0 | /2, I− |ψ⊥ 0 ⟩⟨ψ⊥ 0 | /2 − | ψ⊥ 1 ⟩⟨ψ⊥ 1 | /2} and obtains an outcome 0, 1, or failure, respectively, where |ψ⊥ a ⟩ := α |e0⟩ − (−1)aβ |e1⟩. The round in which Bob’s measurem...

work page

[10] [10]

extr”, “test

Alice randomly determines which communication round is used as key extraction, test, or trash, and announces it. Depending on the announced label “extr”, “test”, or “trash”, where “extr” is a shorthand of key extraction, Alice and Bob perform one of the following operations. (extr) Bob announces which rounds are “success”. Alice and Bob keep the bit value...

work page

[11] [11]

Depending on the estimated bit error rate, Alice sends Bob the ˆKEC-bit syndrome information

(Information reconciliation) From the numbers ˆ nsift, ˆnsuc, and ˆnerr, Alice estimates the bit error rate. Depending on the estimated bit error rate, Alice sends Bob the ˆKEC-bit syndrome information. Bob performs a bit-error correction accordingly and obtains a reconciled key

work page

[12] [12]

Alice performs the hash function ˆH randomly chosen from the dual 2-universal family of surjective linear hash functions and obtains the final key

(Privacy amplification) From the numbers ˆnsift, ˆnsuc, and ˆnerr, Alice determines the length ˆnfin of the final key and thus the amount of privacy amplification. Alice performs the hash function ˆH randomly chosen from the dual 2-universal family of surjective linear hash functions and obtains the final key. Alice sends ˆH to Bob, and Bob performs it on...

work page

[13] [13]

Bob performs a filtering operation F(ρ) = X i=0,1 FiρF † i , (127) where Fi := |i⟩⟨ψ⊥ i⊕1|B / √ 2 with a binary summation ⊕

For each of the ntot communication rounds, Alice generates a stateP a∈{0,1} 2−1/2 |a⟩A |ψa⟩ ˜B and keeps the system A while sending the system ˜B to Bob. Bob performs a filtering operation F(ρ) = X i=0,1 FiρF † i , (127) where Fi := |i⟩⟨ψ⊥ i⊕1|B / √ 2 with a binary summation ⊕. The map F here is the CP map, and the unfiltered event is regarded as a failur...

work page

[14] [14]

extr”, “test

Alice randomly determines which communication round is used as key extraction, test, or trash, and announces it. Depending on the announced label “extr”, “test”, or “trash”, where “extr” is a shorthand of key extraction, Alice and Bob perform one of the following operations. (extr) Bob announces which rounds are “success”. Alice and Bob keep their qubits ...

work page

[15] [15]

Depending on the estimated bit error rate, Alice sends Bob a ˆKEC-bit random bits

From the numbers ˆnsift, ˆnsuc, and ˆnerr, Alice estimates the bit error rate. Depending on the estimated bit error rate, Alice sends Bob a ˆKEC-bit random bits

work page

[16] [16]

1 n nX i=1 ˆXi ≤ p # ≤ 2−nD(p∥Tr[ρM]). (137) Since the binary relative entropy D(p∥q) is monotone increasing for q when q > p with a fixed p, we have Pr ˆXi∼{Tr[ρ(1−M)],Tr[ρM]}

From the numbers ˆ nsift, ˆnsuc, and ˆnerr, Alice determines the length ˆ nfin of the final key. Alice acts the unitary U( ˆH) on her sifted-key qubits and measures the last ˆnsift − ˆnfin qubits in the X bases, where ˆH is randomly chosen from the dual 2-universal family of surjective linear hash functions. Depending on the measurement outcomes as well a...

work page

[17] [17]

& Chau, H

Lo, H.-K. & Chau, H. F. Unconditional Security of Quantum Key Distribution over Arbitrarily Long Distances. Science 283, 2050–2056 (1999). URL https://www.science.org/doi/abs/10.1126/ science.283.5410.2050

work page arXiv 2050

[18] [18]

Shor, P. W. & Preskill, J. Simple Proof of Security of the BB84 Quantum Key Distribution Protocol. Phys. Rev. Lett. 85, 441–444 (2000). URL https://link.aps.org/doi/10.1103/PhysRevLett.85. 441

work page doi:10.1103/physrevlett.85 2000

[19] [19]

Simple security proof of quantum key distribution based on complementarity

Koashi, M. Simple security proof of quantum key distribution based on complementarity. New Journal of Physics 11, 045018 (2009). URL https://dx.doi.org/10.1088/1367-2630/11/4/045018

work page doi:10.1088/1367-2630/11/4/045018 2009

[20] [20]

Bennett, C. H. & Brassard, G. Quantum cryptography: Public key distribution and coin tossing. Theoretical Computer Science 560, 7–11 (2014). URL https://www.sciencedirect.com/science/ article/pii/S0304397514004241. Theoretical Aspects of Quantum Cryptography - celebrating 30 years of BB84

work page 2014

[21] [21]

Proof of unconditional security of six-state quantum key distribution scheme

Lo, H.-K. Proof of unconditional security of six-state quantum key distribution scheme. Quantum Information and Computation 1, 81–94 (2001). URL https://cir.nii.ac.jp/crid/ 1360294721891177984

work page 2001

[22] [22]

& Imoto, N

Tamaki, K., Koashi, M. & Imoto, N. Unconditionally Secure Key Distribution Based on Two Nonorthogonal States. Phys. Rev. Lett. 90, 167904 (2003). URL https://link.aps.org/doi/10. 1103/PhysRevLett.90.167904

work page 2003

[23] [23]

& Renes, J

Boileau, J.-C., Tamaki, K., Batuwantudawe, J., Laflamme, R. & Renes, J. M. Unconditional Security of a Three State Quantum Key Distribution Protocol. Phys. Rev. Lett. 94, 040503 (2005). URL https://link.aps.org/doi/10.1103/PhysRevLett.94.040503

work page doi:10.1103/physrevlett.94.040503 2005

[24] [25]

SECURITY OF QUANTUM KEY DISTRIBUTION

RENNER, R. SECURITY OF QUANTUM KEY DISTRIBUTION. International Journal of Quantum Information 06, 1–127 (2008). URL https://doi.org/10.1142/S0219749908003256

work page doi:10.1142/s0219749908003256 2008

[25] [26]

& Renner, R

Tomamichel, M., Schaffner, C., Smith, A. & Renner, R. Leftover Hashing Against Quantum Side Information. IEEE Transactions on Information Theory 57, 5524–5535 (2011)

work page 2011

[26] [27]

Department of Combinatorics, U., Optimization & of Waterloo

Stinson, D., of Waterloo. Department of Combinatorics, U., Optimization & of Waterloo. Faculty of Mathematics, U. Universal Hash Families and the Leftover Hash Lemma, and Applications to Cryp- tography and Computing . Research report (University of Waterloo. Faculty of Mathematics) (Fac- ulty of Mathematics, University of Waterloo, 2001). URL https://book...

work page 2001

[27] [28]

& Winter, A

Devetak, I. & Winter, A. Distillation of secret key and entanglement from quantum states. Proceedings of the Royal Society A: Mathematical, Physical and Engineering Sciences 461, 207–235 (2005). URL https://royalsocietypublishing.org/doi/abs/10.1098/rspa.2004.1372. https://royalsocietypublishing.org/doi/pdf/10.1098/rspa.2004.1372

work page doi:10.1098/rspa.2004.1372 2005

[28] [29]

Physical Review A33(5), 2913–2927 (1986)

Furrer, F. Reverse-reconciliation continuous-variable quantum key distribution based on the uncertainty principle. Phys. Rev. A 90, 042325 (2014). URL https://link.aps.org/doi/10.1103/PhysRevA. 90.042325

work page doi:10.1103/physreva 2014

[29] [30]

Leftover Hashing From Quantum Error Correction: Unifying the Two Approaches to the Security Proof of Quantum Key Distribution

Tsurumaru, T. Leftover Hashing From Quantum Error Correction: Unifying the Two Approaches to the Security Proof of Quantum Key Distribution. IEEE Transactions on Information Theory 66, 3465–3484 (2020)

work page 2020

[30] [31]

Equivalence of Three Classical Algorithms With Quantum Side Information: Privacy Amplification, Error Correction, and Data Compression

Tsurumaru, T. Equivalence of Three Classical Algorithms With Quantum Side Information: Privacy Amplification, Error Correction, and Data Compression. IEEE Transactions on Information Theory 68, 1016–1031 (2022)

work page 2022

[31] [32]

& Winter, A

Devetak, I. & Winter, A. Classical data compression with quantum side information. Phys. Rev. A 68, 042301 (2003). URL https://link.aps.org/doi/10.1103/PhysRevA.68.042301

work page doi:10.1103/physreva.68.042301 2003

[32] [33]

Renes, J. M. Duality of privacy amplification against quantum adversaries and data compression with 37 quantum side information. Proceedings of the Royal Society A: Mathematical, Physical and Engineering Sciences 467, 1604–1623 (2010). URL https://royalsocietypublishing.org/doi/10.1098/rspa. 2010.0445. Publisher: Royal Society

work page doi:10.1098/rspa 2010

[33] [34]

Renes, J. M. & Renner, R. One-Shot Classical Data Compression With Quantum Side Information and the Distillation of Common Randomness or Secret Keys. IEEE Transactions on Information Theory 58, 1985–1991 (2012)

work page 1985

[34] [35]

P., Datta, N

Cheng, H.-C., Hanson, E. P., Datta, N. & Hsieh, M.-H. Non-Asymptotic Classical Data Compression With Quantum Side Information. IEEE Transactions on Information Theory 67, 902–930 (2021)

work page 2021

[35] [36]

Renes, J. M. Achievable error exponents of data compression with quantum side information and com- munication over symmetric classical-quantum channels. In 2023 IEEE Information Theory Workshop (ITW), 170–174 (2023)

work page 2023

[36] [37]

J., Colbeck, R., Yu, L

Coles, P. J., Colbeck, R., Yu, L. & Zwolak, M. Uncertainty Relations from Simple Entropic Properties. Phys. Rev. Lett. 108, 210405 (2012). URL https://link.aps.org/doi/10.1103/PhysRevLett.108. 210405

work page doi:10.1103/physrevlett.108 2012

[37] [38]

Electro nic transport in two-dimensional graphene

Coles, P. J., Berta, M., Tomamichel, M. & Wehner, S. Entropic uncertainty relations and their applica- tions. Rev. Mod. Phys. 89, 015002 (2017). URL https://link.aps.org/doi/10.1103/RevModPhys. 89.015002

work page doi:10.1103/revmodphys 2017

[38] [39]

& Zurek, W

Ollivier, H. & Zurek, W. H. Quantum Discord: A Measure of the Quantumness of Correlations. Phys. Rev. Lett. 88, 017901 (2001). URL https://link.aps.org/doi/10.1103/PhysRevLett.88.017901

work page doi:10.1103/physrevlett.88.017901 2001

[39] [40]

Postselection Technique for Quantum Channels with Applications to Quantum Cryptography

Christandl, M., K¨ onig, R. & Renner, R. Postselection Technique for Quantum Channels with Applica- tions to Quantum Cryptography. Phys. Rev. Lett. 102, 020504 (2009). URL https://link.aps.org/ doi/10.1103/PhysRevLett.102.020504

work page doi:10.1103/physrevlett.102.020504 2009

[40] [41]

& Renner, R

Fawzi, O. & Renner, R. Quantum Conditional Mutual Information and Approximate Markov Chains. Communications in Mathematical Physics 340, 575–611 (2015). URL https://doi.org/10.1007/ s00220-015-2466-x

work page 2015

[41] [42]

& Koashi, M

Matsuura, T., Yamano, S., Kuramochi, Y., Sasaki, T. & Koashi, M. Tight concentration inequalities for quantum adversarial setups exploiting permutation symmetry. Quantum 8, 1540 (2024). URL https://doi.org/10.22331/q-2024-11-27-1540

work page doi:10.22331/q-2024-11-27-1540 2024

[42] [43]

& Tan, E

Nahar, S., Tupkary, D., Zhao, Y., L¨ utkenhaus, N. & Tan, E. Y.-Z. Postselection Technique for Optical Quantum Key Distribution with Improved de Finetti Reductions. PRX Quantum 5, 040315 (2024). URL https://link.aps.org/doi/10.1103/PRXQuantum.5.040315

work page doi:10.1103/prxquantum.5.040315 2024

[43] [44]

Bennett, C. H. Quantum cryptography using any two nonorthogonal states. Phys. Rev. Lett. 68, 3121–3124 (1992). URL https://link.aps.org/doi/10.1103/PhysRevLett.68.3121

work page doi:10.1103/physrevlett.68.3121 1992

[44] [45]

Duality between source coding with quantum side information and c-q channel coding

Cheng, H.-C., Hanson, E. P., Datta, N. & Hsieh, M.-H. Duality between source coding with quantum side information and c-q channel coding (2018). 1809.11143

work page internal anchor Pith review Pith/arXiv arXiv 2018

[45] [46]

Universal Coding for Classical-Quantum Channel

Hayashi, M. Universal Coding for Classical-Quantum Channel. Communications in Mathematical Physics 289, 1087–1098 (2009). URL https://doi.org/10.1007/s00220-009-0825-1

work page doi:10.1007/s00220-009-0825-1 2009

[46] [47]

& Tomamichel, M

Beigi, S. & Tomamichel, M. Lower Bounds on Error Exponents via a New Quantum Decoder (2023). URL https://arxiv.org/abs/2310.09014. 2310.09014

work page arXiv 2023

[47] [48]

& Ogawa, T

Mosonyi, M. & Ogawa, T. Strong Converse Exponent for Classical-Quantum Channel Coding. Communications in Mathematical Physics 355, 373–426 (2017). URL https://doi.org/10.1007/ s00220-017-2928-4

work page 2017

[48] [49]

A Group Theoretic Approach to Quantum Information (Springer International Publishing, Cham, 2017)

Hayashi, M. A Group Theoretic Approach to Quantum Information (Springer International Publishing, Cham, 2017). URL http://link.springer.com/10.1007/978-3-319-45241-8

work page doi:10.1007/978-3-319-45241-8 2017

[49] [50]

& NAUENBERG, M

ITZYKSON, C. & NAUENBERG, M. Unitary Groups: Representations and Decompositions. Rev. Mod. Phys. 38, 95–120 (1966). URL https://link.aps.org/doi/10.1103/RevModPhys.38.95

work page doi:10.1103/revmodphys.38.95 1966

[50] [51]

& Hiai, F

Mosonyi, M. & Hiai, F. On the Quantum R´ enyi Relative Entropies and Related Capacity Formulas. IEEE Transactions on Information Theory 57, 2474–2487 (2011)

work page 2011

[51] [52]

& Wehner, S

K¨ onig, R. & Wehner, S. A Strong Converse for Classical Channel Coding Using Entangled Inputs. Phys. Rev. Lett. 103, 070504 (2009). URL https://link.aps.org/doi/10.1103/PhysRevLett.103. 070504

work page doi:10.1103/physrevlett.103 2009

[52] [53]

Physical Review Letters 85(10), 2200–2203 (2000)

Sharma, N. & Warsi, N. A. Fundamental Bound on the Reliability of Quantum Information Transmis- sion. Phys. Rev. Lett. 110, 080501 (2013). URL https://link.aps.org/doi/10.1103/PhysRevLett. 110.080501

work page doi:10.1103/physrevlett 2013

[53] [54]

& Hsieh, M.-H

Cheng, H.-C., Gao, L. & Hsieh, M.-H. Properties of Noncommutative R´ enyi and Augustin Information. 38 Communications in Mathematical Physics 390, 501–544 (2022). URL https://doi.org/10.1007/ s00220-022-04319-8

work page 2022

[54] [55]

The Generalized Stochastic Likelihood Decoder: Random Coding and Expurgated Bounds

Merhav, N. The Generalized Stochastic Likelihood Decoder: Random Coding and Expurgated Bounds. IEEE Transactions on Information Theory 63, 5039–5051 (2017)

work page 2017

[55] [56]

Renes, J. M. Tight lower bound on the error exponent of classical-quantum channels (2024). URL https://arxiv.org/abs/2407.11118. 2407.11118

work page arXiv 2024

[56] [57]

& Hayashi, M

Tomamichel, M. & Hayashi, M. A Hierarchy of Information Quantities for Finite Block Length Analysis of Quantum Tasks. IEEE Transactions on Information Theory 59, 7693–7710 (2013)

work page 2013

[57] [58]

& Hayashi, M

Tsurumaru, T. & Hayashi, M. Dual Universality of Hash Functions and Its Applications to Quantum Cryptography. IEEE Transactions on Information Theory 59, 4700–4717 (2013)

work page 2013

[58] [59]

Durt, B.-G

DURT, T., ENGLERT, B.-G., BENGTSSON, I. & ˙ZYCZKOWSKI, K. ON MUTUALLY UNBIASED BASES. International Journal of Quantum Information 08, 535–640 (2010). URL https://doi.org/ 10.1142/S0219749910006502. https://doi.org/10.1142/S0219749910006502

work page doi:10.1142/s0219749910006502 2010

[59] [60]

& Renner, R

M¨ uller-Quade, J. & Renner, R. Composability in quantum cryptography. New Journal of Physics 11, 085006 (2009). URL https://dx.doi.org/10.1088/1367-2630/11/8/085006

work page doi:10.1088/1367-2630/11/8/085006 2009

[60] [61]

Digital Quantum Information Processing with Continuous-Variable Systems (Springer Nature, 2023)

Matsuura, T. Digital Quantum Information Processing with Continuous-Variable Systems (Springer Nature, 2023). URL https://doi.org/10.1007/978-981-19-8288-0

work page doi:10.1007/978-981-19-8288-0 2023

[61] [62]

& Tsurumaru, T

Hayashi, M. & Tsurumaru, T. More Efficient Privacy Amplification With Less Random Seeds via Dual Universal Hash Function. IEEE Transactions on Information Theory 62, 2213–2232 (2016)

work page 2016

[62] [63]

& Koashi, M

Zhou, H., Sasaki, T. & Koashi, M. Numerical method for finite-size security analysis of quantum key distribution. Phys. Rev. Res. 4, 033126 (2022). URL https://link.aps.org/doi/10.1103/ PhysRevResearch.4.033126

work page 2022

[63] [64]

Lin, S. M. & Tomamichel, M. Investigating properties of a family of quantum R´ enyi diver- gences. Quantum Information Processing 14, 1501–1512 (2015). URL https://doi.org/10.1007/ s11128-015-0935-y

work page 2015

[64] [65]

& Hayashi, M

Tomamichel, M., Berta, M. & Hayashi, M. Relating different quantum generaliza- tions of the conditional R´ enyi entropy. Journal of Mathematical Physics 55, 082206 (2014). URL https://doi.org/10.1063/1.4892761. https://pubs.aip.org/aip/jmp/article- pdf/doi/10.1063/1.4892761/15618300/082206 1 online.pdf

work page doi:10.1063/1.4892761 2014

[65] [66]

Precise Evaluation of Leaked Information with Secure Randomness Extraction in the Presence of Quantum Attacker

Hayashi, M. Precise Evaluation of Leaked Information with Secure Randomness Extraction in the Presence of Quantum Attacker. Communications in Mathematical Physics 333, 335–350 (2015). URL https://doi.org/10.1007/s00220-014-2174-y

work page doi:10.1007/s00220-014-2174-y 2015

[66] [67]

& Koashi, M

Matsuura, T., Sasaki, T. & Koashi, M. Refined security proof of the round-robin differential-phase- shift quantum key distribution and its improved performance in the finite-sized case. Phys. Rev. A 99, 042303 (2019). URL https://link.aps.org/doi/10.1103/PhysRevA.99.042303

work page doi:10.1103/physreva.99.042303 2019

[67] [68]

Journal of the American Statistical Association 58(301), 13–30 (1963), http://www.jstor.org/stable/2282952

Hoeffding, W. Probability Inequalities for Sums of Bounded Random Variables. Journal of the Amer- ican Statistical Association 58, 13–30 (1963). URL http://www.jstor.org/stable/2282952. Full publication date: Mar., 1963

work page arXiv 1963

[68] [69]

& Koashi, M

Matsuura, T., Maeda, K., Sasaki, T. & Koashi, M. Finite-size security of continuous-variable quantum key distribution with digital signal processing. Nature Communications 12, 252 (2021). URL https: //doi.org/10.1038/s41467-020-19916-1

work page doi:10.1038/s41467-020-19916-1 2021

[69] [70]

Sanov, I. N. On the probability of large deviations of random magnitudes. Mat. Sb. (N.S.) 42(84), 11–44 (1957)

work page 1957

[70] [71]

Sanov property, generalized I-projection and a conditional limit theorem

Csisz´ ar, I. Sanov property, generalized I-projection and a conditional limit theorem. The Annals of Probability 12, 768 (1984)

work page 1984

[71] [72]

Improved asymptotic key rate of the B92 protocol

Matsumoto, R. Improved asymptotic key rate of the B92 protocol. In 2013 IEEE International Symposium on Information Theory , 351–353 (2013)

work page 2013

[72] [73]

& Uyematsu, T

Sasaki, H., Matsumoto, R. & Uyematsu, T. Key rate of the B92 quantum key distribution protocol with finite qubits. In 2015 IEEE International Symposium on Information Theory (ISIT) , 696–699 (2015)

work page 2015

[73] [74]

& Boyd, S

Diamond, S. & Boyd, S. CVXPY: A Python-Embedded Modeling Language for Convex Optimization. Journal of Machine Learning Research (2016). URL https://stanford.edu/~boyd/papers/pdf/ cvxpy_paper.pdf. To appear

work page 2016

[74] [75]

& Renner, R

Dupuis, F., Fawzi, O. & Renner, R. Entropy Accumulation. Communications in Mathematical Physics 379, 867–913 (2020). URL https://doi.org/10.1007/s00220-020-03839-5 . 39

work page doi:10.1007/s00220-020-03839-5 2020

[75] [76]

& Renner, R

Metger, T., Fawzi, O., Sutter, D. & Renner, R. Generalised entropy accumulation. In 2022 IEEE 63rd Annual Symposium on Foundations of Computer Science (FOCS) , 844–850 (2022)

work page 2022

[76] [77]

& Renner, R

Metger, T. & Renner, R. Security of quantum key distribution from generalised entropy accumulation. Nature Communications 14, 5272 (2023). URL https://doi.org/10.1038/s41467-023-40920-8

work page doi:10.1038/s41467-023-40920-8 2023

[77] [78]

Arqand, A., Hahn, T. A. & Tan, E. Y. Z. Generalized R´ enyi entropy accumulation theorem and general- ized quantum probability estimation (2024). URL https://arxiv.org/abs/2405.05912. 2405.05912

work page arXiv 2024

[78] [79]

& L¨ utkenhaus, N

George, I., Lin, J. & L¨ utkenhaus, N. Numerical calculations of the finite key rate for general quantum key distribution protocols. Phys. Rev. Res. 3, 013274 (2021). URL https://link.aps.org/doi/10. 1103/PhysRevResearch.3.013274

work page 2021

[79] [80]

& Fawzi, O

Brown, P., Fawzi, H. & Fawzi, O. Computing conditional entropies for quantum correlations. Nature Communications 12, 575 (2021). URL https://doi.org/10.1038/s41467-020-20018-1

work page doi:10.1038/s41467-020-20018-1 2021

[80] [81]

Matrix Analysis

Bhatia, R. Matrix Analysis. Graduate Texts in Mathematics (Springer New York, 1997)

work page 1997