arxiv: 2605.12984 · v1 · submitted 2026-05-13 · 🪐 quant-ph

Recognition: no theorem link

Numerical security analysis for practical quantum key distribution

\'Alvaro Navarrete , Guillermo Curr\'as-Lorenzo , Margarida Pereira , Marcos Curty

Authors on Pith no claims yet

Pith reviewed 2026-05-14 19:19 UTC · model grok-4.3

classification 🪐 quant-ph

keywords quantum key distributionfinite-key securitycoherent attacksdecoy-state QKDnumerical security analysisdevice imperfectionsnon-IID signals

0 comments

The pith

A numerical finite-key security framework proves security for realistic QKD setups against general coherent attacks using only partial device characterization.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper develops a computational method to derive security guarantees for quantum key distribution when devices deviate from ideal models. It handles transmitter and receiver imperfections, including signals that vary over time in fast systems, and works even when the attacker uses the strongest coherent strategies. Only incomplete knowledge of the hardware is needed to run the analysis. This approach matters because existing proofs often cannot certify the performance of actual hardware built with real components.

Core claim

We introduce a versatile numerical finite-key security framework valid against general coherent attacks and applicable to a broad class of practical QKD setups. It accommodates most relevant imperfections at both transmitter and receiver, including non-independent-and-identically-distributed signals arising in high-speed QKD systems due to the limited bandwidth of optical modulators, while requiring only partial characterization of the apparatuses. We demonstrate the power of our framework by proving the security of a realistic decoy-state QKD implementation with laser sources.

What carries the argument

The numerical optimization procedure that computes finite-key rates by bounding the effect of observed statistics on the worst-case eavesdropper information under partial device models.

If this is right

Security can be certified for decoy-state protocols using real laser sources without assuming perfect devices.
High-speed systems with time-varying signals from modulator bandwidth limits become provably secure.
The same method applies to many different QKD hardware configurations without requiring full device tomography.
Finite-key rates can be computed numerically rather than through analytic bounds that ignore practical imperfections.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

The framework could be adapted to analyze security in other quantum communication tasks such as quantum repeaters or entanglement distribution.
It provides a route to standardized certification procedures that test only a subset of device parameters.
Manufacturers could use the method during design to quantify how much characterization effort is needed for a target security level.

Load-bearing premise

Partial characterization of the transmitter and receiver suffices to bound how all uncharacterized imperfections can affect the security proof.

What would settle it

An experimental or simulated QKD run where the observed statistics match the partial characterization but the actual key leakage exceeds the numerical bound computed by the framework.

Figures

Figures reproduced from arXiv: 2605.12984 by \'Alvaro Navarrete, Guillermo Curr\'as-Lorenzo, Marcos Curty, Margarida Pereira.

**Figure 2.** Figure 2: Optimized secret-key rate of a decoy-state BB84 [PITH_FULL_IMAGE:figures/full_fig_p007_2.png] view at source ↗

**Figure 3.** Figure 3: Optimized secret-key rate of a single-photon BB84 scheme obtained with our numerical security proof (blue dotted [PITH_FULL_IMAGE:figures/full_fig_p011_3.png] view at source ↗

**Figure 4.** Figure 4: Secret-key rate of a coherent-light-based MDI QKD scheme [23] in the presence of device imperfections. The green [PITH_FULL_IMAGE:figures/full_fig_p015_4.png] view at source ↗

read the original abstract

Quantum key distribution (QKD) promises information-theoretic security based on quantum mechanics and idealized device models. Practical implementations, however, deviate from these models due to unavoidable device imperfections, and existing security proofs fall short of capturing the complexity of real-world systems. Here we introduce a versatile numerical finite-key security framework valid against general coherent attacks and applicable to a broad class of practical QKD setups. It accommodates most relevant imperfections at both transmitter and receiver, including non-independent-and-identically-distributed (non-IID) signals arising in high-speed QKD systems due to the limited bandwidth of optical modulators, while requiring only partial characterization of the apparatuses. We demonstrate the power of our framework by proving the security of a realistic decoy-state QKD implementation with laser sources, providing a practical route towards rigorous security certification of real-world QKD setups.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

The paper gives a numerical optimization framework for finite-key QKD security that handles non-IID pulses from real modulator bandwidth limits and works with only partial device characterization.

read the letter

The main advance is a numerical method to bound information leakage under general coherent attacks for decoy-state QKD while folding in pulse-to-pulse correlations from finite modulator bandwidth. It claims to need only partial transmitter and receiver data rather than full models, and they apply it to a laser-based setup to show the idea in practice. That moves past the usual analytical proofs limited to IID or idealized devices, which is a useful step for people trying to certify actual hardware. The approach looks like it could be applied to other imperfections at both ends of the link. The soft spot is the reliance on partial characterization being sufficient to close all loopholes when non-IID effects are present. If an unmodeled side channel couples to the bandwidth-induced correlations in a way the convex set does not capture, the bound could loosen. The abstract and high-level description do not spell out the exact constraints or tightness checks, so the paper needs to show concrete optimization details and at least one verification case to make the claim convincing. This is for QKD experimental groups and certification efforts that already have some device data and want a tool beyond pure theory. A reader working on practical security proofs would find the framework worth examining. I would send it to peer review because the core idea addresses a real deployment gap and the numerical route is worth checking in detail, even if the validation sections need strengthening.

Referee Report

2 major / 2 minor

Summary. The manuscript introduces a numerical finite-key security framework for practical QKD that is valid against general coherent attacks. It handles transmitter and receiver imperfections, including non-IID signals from limited modulator bandwidth, using only partial device characterization, and demonstrates the approach on a realistic decoy-state implementation.

Significance. If the numerical optimization correctly bounds information leakage from all coherent attacks consistent with the supplied partial characterization, the framework would offer a practical route to rigorous security proofs for real-world QKD systems that current analytical methods cannot address. The ability to incorporate non-IID effects without full device models is a notable strength.

major comments (2)

[Abstract and framework description] The central security claim rests on the assertion that partial characterization of the transmitter and receiver is sufficient to bound the effect of all uncharacterized imperfections, including those correlated with non-IID pulse statistics. The manuscript does not provide an explicit argument or constraint formulation showing that the numerical optimization (presumably an SDP or convex program) encloses all possible adversarial correlations between unmodeled side channels and the finite-bandwidth-induced dependencies. This assumption is load-bearing for the general-coherent-attack guarantee.
[Numerical method section] No explicit derivation steps, error analysis, or verification data (e.g., convergence checks or comparison against known analytical bounds) are supplied for the numerical optimization procedure. Without these, it is impossible to confirm that the reported security bounds are tight or that the finite-key corrections are correctly implemented.

minor comments (2)

[Method] Clarify the precise form of the optimization constraints used to encode the partial characterization data and the non-IID statistics.
[Demonstration] Add a table or figure comparing the numerical bounds against existing analytical decoy-state results for the same experimental parameters.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their thorough review and constructive comments. We address each major comment point by point below and have revised the manuscript to incorporate additional details where needed.

read point-by-point responses

Referee: [Abstract and framework description] The central security claim rests on the assertion that partial characterization of the transmitter and receiver is sufficient to bound the effect of all uncharacterized imperfections, including those correlated with non-IID pulse statistics. The manuscript does not provide an explicit argument or constraint formulation showing that the numerical optimization (presumably an SDP or convex program) encloses all possible adversarial correlations between unmodeled side channels and the finite-bandwidth-induced dependencies. This assumption is load-bearing for the general-coherent-attack guarantee.

Authors: We thank the referee for identifying this point. The current manuscript relies on the numerical optimization being formulated over all quantum states consistent with the supplied partial characterization (pulse intensity bounds, detection efficiencies, and modulator response functions), with non-IID statistics incorporated by allowing each pulse in the block to occupy a state within those bounds. To make the argument explicit, the revised manuscript will add a dedicated paragraph deriving the SDP constraints: the objective maximizes the Holevo information subject to linear constraints on the observed statistics for each pulse and a joint state over the finite block that permits arbitrary correlations. This construction encloses adversarial correlations between uncharacterized side channels and bandwidth-induced dependencies by construction, as any such correlation must still satisfy the partial characterization bounds. We will include the explicit constraint matrices. revision: yes
Referee: [Numerical method section] No explicit derivation steps, error analysis, or verification data (e.g., convergence checks or comparison against known analytical bounds) are supplied for the numerical optimization procedure. Without these, it is impossible to confirm that the reported security bounds are tight or that the finite-key corrections are correctly implemented.

Authors: We agree that the numerical procedure requires more supporting detail. In the revised manuscript we will expand the Numerical method section with: (i) step-by-step derivation of the SDP from the finite-key security definition, (ii) error analysis bounding the solver precision and its propagation into the key-rate estimate, and (iii) verification data consisting of convergence plots, comparisons against known analytical bounds in the asymptotic and ideal-device limits, and explicit checks that the finite-key corrections match standard formulas. These additions will allow independent confirmation of tightness and correctness. revision: yes

Circularity Check

0 steps flagged

Numerical optimization derives bounds from partial characterization without circular reduction

full rationale

The paper introduces a numerical finite-key security framework that uses optimization (likely SDP-style) over quantum states/channels constrained by partial transmitter/receiver characterization to bound information leakage under general coherent attacks, including non-IID effects from modulator bandwidth. No derivation step reduces by construction to a fitted parameter renamed as prediction, a self-definitional loop, or a load-bearing self-citation chain; the security claim rests on the external validity of the convex-set constraints and the optimization procedure itself, which are independent of the final key-rate output. The framework is self-contained against the supplied partial data and does not invoke uniqueness theorems or ansatzes from prior self-work as the sole justification.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The framework rests on standard quantum mechanics and convex optimization; no new free parameters or invented entities are introduced in the abstract description.

axioms (2)

domain assumption Quantum mechanics governs the evolution and measurement of the optical states
Invoked implicitly as the foundation for all QKD security proofs
ad hoc to paper The partial device characterization provides sufficient bounds on uncharacterized imperfections
Central modeling choice stated in the abstract

pith-pipeline@v0.9.0 · 5445 in / 1192 out tokens · 24607 ms · 2026-05-14T19:19:30.222470+00:00 · methodology

discussion (0)

Reference graph

Works this paper leans on

73 extracted references · 73 canonical work pages · 2 internal anchors

[1]

constructive interference

MDI-QKD type protocols General setting A generic description of a measurement-device-independent (MDI) type QKD protocol is given in Box 3. We assume that Eq. (1) holds for both Alice’s and Bob’s transmitted states for a certainε≥ε iu ∀iu, and so we can apply Lemma 4 (see Appendix C) and consider that the emitted quantum states are pure. In particular, le...

work page
[2]

, N}, (a) Alice chooses a pair of bit/basis (a) and intensity (µ) settings, which for conciseness we group in a single indexi∈ {0,1, n A −1}, with probabilityp A i ≡p A a,µ

In each round a u∈ {1, . . . , N}, (a) Alice chooses a pair of bit/basis (a) and intensity (µ) settings, which for conciseness we group in a single indexi∈ {0,1, n A −1}, with probabilityp A i ≡p A a,µ. Then she prepares an-photon state with density matrixσ n,iu u−L C —which in general may depend not only on the current setting choicesi≡i u but also on th...

work page
[3]

The key rounds—i.e., those in whichβ=Z,a, b∈ {0,1}, andµ= 0—are used to generate the users’ sifted keys

Alice and Bob publicly exchange classical information and decide if the round is assigned askeyortestround. The key rounds—i.e., those in whichβ=Z,a, b∈ {0,1}, andµ= 0—are used to generate the users’ sifted keys. In the test rounds—i.e., the remaining rounds—we assume that the users reveal all the parametersa, µ, β, andb. Alice and Bob record the number o...

work page
[4]

a In this box we omit the round indexufrom the quantities whenever it is clear from the context

Alice and Bob perform error correction, error verification, and privacy amplification. a In this box we omit the round indexufrom the quantities whenever it is clear from the context

work page
[5]

Decoy-state QKD protocols General setting In a decoy-state QKD scheme (see Box 4), Alice generates phase-randomized weak-coherent pulses (PRWCPs)—for concreteness we consider continuous phase randomization here, but we remark that the security analysis also applies to discrete-phase-randomization setups—such that the phase-averaged pulses can be described...

work page
[6]

(A25) for certainε—and sends all systemsC N 1 through the quantum channel to Bob, who receives the systemsB N 1

Alice prepares the entangled state|Ψ ε⟩AN 1 RN 1 CN 1 —defined in Eq. (A25) for certainε—and sends all systemsC N 1 through the quantum channel to Bob, who receives the systemsB N 1

work page
[7]

(A33) with eigenvaluesω∈ Sncut n=0 {ωn}ωn ∪ {λ∗ i,∞}i

Then, in each roundu, Alice and Bob perform the POVM {(1−α)|1⟩ ⟨1| R ⊗ ˆV a,b AB }a,b∈{0,1} ∪ {(1−α)|n⟩ ⟨n| R ⊗ ˆSa,µ,β,b AB }(n,µ,a,β,b)/∈K∪ {α|ω⟩ ⟨ω|RA ⊗1 B}ω, on the systemsRAB, whereαis the probability that a round is tagged as LWM, K:={(n, a, µ, β, b) :n= 1, µ= 0, β=Z, a, b∈ {0,1}}, and the states|ω⟩ RA are eigenvectors of the operator ˆWRA defined i...

work page
[8]

a In particular, the states{|ω⟩} ω in general differ between the two VEPs, as may the coefficientsc l a,µ,β,b,inter alia

Alice and Bob computeM key,1 = P u χu key,1 Mph = P u χu ph,M key = P u χu key,M Q,l = P u χu Q,l and MW = P u χu W. a In particular, the states{|ω⟩} ω in general differ between the two VEPs, as may the coefficientsc l a,µ,β,b,inter alia. b The coefficientsc l a,0,Z,b are assumed to be identical for alla, b∈ {0,1}. After solving the dual SDP given by Eq. ...

work page
[9]

,Xn be independent, zero-mean random variables satisfying |Xi| ≤calmost surely

Auxiliary results on concentration bounds The finite-key analysis requires the use of certain results on concentration bounds for sums of RVs that we include below for completeness: Lemma 1(Bernstein’s inequality [54, 55]).LetX 1, . . . ,Xn be independent, zero-mean random variables satisfying |Xi| ≤calmost surely. Defines= 1 n Pn u=1 Xu andv= 1 n Pn u=1 ...

work page
[10]

We start from Eq

Upper bound on the number of phase errors of the VEP Now we show how to derive a probabilistic upper bound on the number of phase errors of the VEP, namelyM ph, by using Kato’s inequality. We start from Eq. (15), which comprises three summations related with different types of RVs: those associated with the phase-errors (χ u ph); those associated with the...

work page
[11]

Imperfect detectors Next, we extend the upper bound on the number of phase errors of the VEP,M U ph, to the case in which there is a detection-efficiency mismatch at Bob’s receiver. In particular, we consider that the detection efficiencies and dark counts of Bob’s single-photon detectors are not known precisely, but are only characterized within some kno...

work page
[12]

Upper bound on the phase-error rate of the VP We now derive an upper bound on the number of phase errorsN ph of the VP—a protocol in which no LWM rounds are defined—starting from the bound onM ph in the VEP given by Eq. (B27). To do so, we rely on two observations. First, the upper bound in Eq. (B27) depends solely on the RVsM Q,l and Mkey, i.e., it is in...

work page
[13]

H.-K. Lo, M. Curty, and K. Tamaki, Nature Photonics8, 595 (2014)

work page 2014
[14]

Pirandola, U

S. Pirandola, U. L. Andersen, L. Banchi, M. Berta, D. Bunandar, R. Colbeck, D. Englund, T. Gehring, C. Lupo, C. Ot- taviani,et al., Advances in Optics and Photonics12, 1012 (2020)

work page 2020
[15]

F. Xu, X. Ma, Q. Zhang, H.-K. Lo, and J.-W. Pan, Reviews of Modern Physics92, 025002 (2020)

work page 2020
[16]

gov/Cybersecurity/Quantum-Key-Distribution-QKD-and-Quantum-Cryptography-QC/(2020), accessed: 2026-04-21

US National Security Agency, Quantum key distribution (QKD) and quantum cryptography (QC),https://www.nsa. gov/Cybersecurity/Quantum-Key-Distribution-QKD-and-Quantum-Cryptography-QC/(2020), accessed: 2026-04-21

work page 2020
[17]

UK National Cyber Security Centre, Quantum security technologies,https://www.ncsc.gov.uk/whitepaper/ quantum-security-technologies(2020), accessed: 2026-04-21

work page 2020
[18]

ANSSI, BSI, NLNCSA, and Swedish NCSA, Position paper on quantum key distribution,https://www.bsi.bund.de/ SharedDocs/Downloads/EN/BSI/Crypto/Quantum_Positionspapier.pdf(2024), accessed: 2026-04-21

work page 2024
[19]

Tamaki, M

K. Tamaki, M. Curty, G. Kato, H.-K. Lo, and K. Azuma, Physical Review A90, 052314 (2014)

work page 2014
[20]

Pereira, M

M. Pereira, M. Curty, and K. Tamaki, npj Quantum Information5, 62 (2019)

work page 2019
[21]

Pereira, G

M. Pereira, G. Kato, A. Mizutani, M. Curty, and K. Tamaki, Science Advances6, eaaz4487 (2020)

work page 2020
[22]

Sixto, ´A

X. Sixto, ´A. Navarrete, M. Pereira, G. Curr´ as-Lorenzo, K. Tamaki, and M. Curty, Quantum Science and Technology10, 035034 (2025)

work page 2025
[23]

Tupkary, S

D. Tupkary, S. Nahar, P. Sinha, and N. L¨ utkenhaus, Quantum9, 1937 (2025)

work page 1937
[24]

Curr´ as-Lorenzo, M

G. Curr´ as-Lorenzo, M. Pereira, S. Nahar, and D. Tupkary, preprint arXiv:2507.03549 (2025)

work page arXiv 2025
[25]

Z. Wang, D. Tupkary, and S. Nahar, preprint arXiv:2508.21486 (2025)

work page arXiv 2025
[26]

Pereira, G

M. Pereira, G. Curr´ as-Lorenzo, A. Mizutani, D. Rusca, M. Curty, and K. Tamaki, Quantum Science and Technology10, 015001 (2024)

work page 2024
[27]

Zapatero, ´A

V. Zapatero, ´A. Navarrete, K. Tamaki, and M. Curty, Quantum5, 602 (2021)

work page 2021
[28]

Sixto, V

X. Sixto, V. Zapatero, and M. Curty, Physical Review Applied18, 044069 (2022)

work page 2022
[29]

Curr´ as-Lorenzo, S

G. Curr´ as-Lorenzo, S. Nahar, N. L¨ utkenhaus, K. Tamaki, and M. Curty, Quantum Science and Technology9, 015025 (2023)

work page 2023
[30]

Security of decoy-state quantum key distribution with correlated bit-and-basis encoders

G. Curr´ as-Lorenzo, M. Pereira, A. Marcomini, K. Tamaki, and M. Curty, preprint arXiv:2605.11767 (2026)

work page internal anchor Pith review Pith/arXiv arXiv 2026
[31]

Curr´ as-Lorenzo, M

G. Curr´ as-Lorenzo, M. Pereira, K. Tamaki, and M. Curty, preprint arXiv:2601.08417 (2026)

work page arXiv 2026
[32]

Curr´ as-Lorenzo, M

G. Curr´ as-Lorenzo, M. Pereira, G. Kato, M. Curty, and K. Tamaki, Optica Quantum3, 525 (2025)

work page 2025
[33]

Curr´ as-Lorenzo,´A

G. Curr´ as-Lorenzo,´A. Navarrete, J. N´ u˜ nez-Bon, M. Pereira, and M. Curty, Quantum Science and Technology10, 035031 (2025)

work page 2025
[34]

Pereira, G

M. Pereira, G. Curr´ as-Lorenzo, and M. Ara´ ujo, preprint arXiv:2510.13085 (2025)

work page arXiv 2025
[35]

Navarrete, M

´A. Navarrete, M. Pereira, M. Curty, and K. Tamaki, Physical Review Applied15, 034072 (2021)

work page 2021
[36]

Hwang, Physical Review Letters91, 057901 (2003)

W.-Y. Hwang, Physical Review Letters91, 057901 (2003)

work page 2003
[37]

H.-K. Lo, X. Ma, and K. Chen, Physical Review Letters94, 230504 (2005)

work page 2005
[38]

Wang, Physical Review Letters94, 230503 (2005)

X.-B. Wang, Physical Review Letters94, 230503 (2005)

work page 2005
[39]

P. J. Coles, E. M. Metodiev, and N. L¨ utkenhaus, Nature Communications7, 11712 (2016)

work page 2016
[40]

Winick, N

A. Winick, N. L¨ utkenhaus, and P. J. Coles, Quantum2, 77 (2018)

work page 2018
[41]

Y. Wang, I. W. Primaatmaja, E. Lavie, A. Varvitsiotis, and C. C. W. Lim, npj Quantum Information5, 17 (2019)

work page 2019
[42]

George, J

I. George, J. Lin, and N. L¨ utkenhaus, Physical Review Research3, 013274 (2021)

work page 2021
[43]

Bunandar, L

D. Bunandar, L. C. Govia, H. Krovi, and D. Englund, npj Quantum Information6, 104 (2020)

work page 2020
[44]

Kamin, D

L. Kamin, D. Tupkary, and N. L¨ utkenhaus, preprint arXiv:2502.05382 (2025)

work page arXiv 2025
[45]

Kamin, A

L. Kamin, A. Arqand, I. George, N. L¨ utkenhaus, and E. Y.-Z. Tan, PRX Quantum6, 020342 (2025)

work page 2025
[46]

H. Zhou, T. Sasaki, and M. Koashi, Physical Review Research4, 033126 (2022)

work page 2022
[47]

Metger and R

T. Metger and R. Renner, Nature Communications14, 5272 (2023)

work page 2023
[48]

A. G. Lorente, P. V. Parellada, M. Castillo-Celeita, and M. Ara´ ujo, Quantum9, 1657 (2025)

work page 2025
[49]

Finite-size quantum key distribution rates from R\'enyi entropies using conic optimization

M. Navarro, A. G. Lorente, P. V. Parellada, C. Pascual-Garc´ ıa, and M. Ara´ ujo, preprint arXiv:2511.10584 (2025)

work page internal anchor Pith review Pith/arXiv arXiv 2025
[50]

Tupkary, S

D. Tupkary, S. Nahar, A. Arqand, E. Y.-Z. Tan, and N. L¨ utkenhaus, preprint arXiv:2601.18035 (2026)

work page arXiv 2026
[51]

Kamin, J

L. Kamin, J. Burniston, and E. Y.-Z. Tan, preprint arXiv:2504.12248 (2025)

work page arXiv 2025
[52]

Nahar, D

S. Nahar, D. Tupkary, and N. L¨ utkenhaus, Quantum10, 2044 (2026)

work page 2044
[53]

Gr¨ unenfelder, A

F. Gr¨ unenfelder, A. Boaron, D. Rusca, A. Martin, and H. Zbinden, Appl. Phys. Lett.117, 144003 (2020)

work page 2020
[54]

Agulleiro, F

A. Agulleiro, F. Gr¨ unenfelder, M. Pereira, G. Curr´ as-Lorenzo, H. Zbinden, M. Curty, and D. Rusca, preprint arXiv:2506.18684 (2025)

work page arXiv 2025
[55]

G. L. Roberts, M. Pittaluga, M. Minder, M. Lucamarini, J. F. Dynes, Z. L. Yuan, and A. J. Shields, Opt. Lett.43, 5110 (2018). 38

work page 2018
[56]

Yoshino, M

K.-i. Yoshino, M. Fujiwara, K. Nakata, T. Sumiya, T. Sasaki, M. Takeoka, M. Sasaki, A. Tajima, M. Koashi, and A. Tomita, npj Quantum Information4, 8 (2018)

work page 2018
[57]

Trefilov, X

D. Trefilov, X. Sixto, V. Zapatero, A. Huang, M. Curty, and V. Makarov, Optica Quantum3, 417 (2025)

work page 2025
[58]

Azuma, Tohoku Mathematical Journal19, 357 (1967)

K. Azuma, Tohoku Mathematical Journal19, 357 (1967)

work page 1967
[59]

Kato, preprint arXiv:2002.04357 (2020)

G. Kato, preprint arXiv:2002.04357 (2020)

work page arXiv 2002
[60]

F. Xu, K. Wei, S. Sajeed, S. Kaiser, S. Sun, Z. Tang, L. Qian, V. Makarov, and H.-K. Lo, Physical Review A92, 032305 (2015)

work page 2015
[61]

Honjo, K

T. Honjo, K. Inoue, and H. Takahashi, Optics Letters29, 2797 (2004)

work page 2004
[62]

Pittaluga, M

M. Pittaluga, M. Minder, M. Lucamarini, M. Sanzaro, R. I. Woodward, M.-J. Li, Z. Yuan, and A. J. Shields, Nature Photonics15, 530 (2021)

work page 2021
[63]

The MathWorks Inc., Global Optimization Toolbox, version 25.1 (R2025a) (2025)

work page 2025
[64]

Tomamichel and A

M. Tomamichel and A. Leverrier, Quantum1, 14 (2017)

work page 2017
[65]

Koashi, New Journal of Physics11, 045018 (2009)

M. Koashi, New Journal of Physics11, 045018 (2009)

work page 2009
[66]

Bernstein, Ann

S. Bernstein, Ann. Sci. Inst. Sav. Ukraine, Sect. Math1, 38 (1924)

work page 1924
[67]

Boucheron, G

S. Boucheron, G. Lugosi, and P. Massart,Concentration Inequalities: A Nonasymptotic Theory of Independence(Oxford University Press, 2013)

work page 2013
[68]

R. J. Serfling, The Annals of Statistics2, 39 (1974)

work page 1974
[69]

Curr´ as-Lorenzo,´A

G. Curr´ as-Lorenzo,´A. Navarrete, M. Pereira, and K. Tamaki, Physical Review A104, 012406 (2021)

work page 2021
[70]

Navarrete and M

´A. Navarrete and M. Curty, Quantum Science and Technology7, 035021 (2022)

work page 2022
[71]

Mannalath, V

V. Mannalath, V. Zapatero, and M. Curty, Physical Review Letters135, 020803 (2025)

work page 2025
[72]

Uhlmann, Reports on Mathematical Physics9, 273 (1976)

A. Uhlmann, Reports on Mathematical Physics9, 273 (1976)

work page 1976
[73]

Nahar, D

S. Nahar, D. Tupkary, Y. Zhao, N. L¨ utkenhaus, and E. Y.-Z. Tan, PRX Quantum5, 040315 (2024)

work page 2024