Bell Nonlocality Is Not Sufficient for the Security of Standard Device-Independent Quantum Key Distribution Protocols

Device-independent quantum key distribution is a secure quantum cryptographic paradigm that allows two honest users to establish a secret key, while putting minimal trust in their devices. Most of the existing protocols have the following structure: first, a bipartite nonlocal quantum state is distributed between the honest users, who perform local projective measurements to establish nonlocal correlations. Then, they announce the implemented measurements and extract a secure key by postprocessing their measurement outcomes. We show that no protocol of this form allows for establishing a secret key when implemented on any correlation obtained by measuring local projective measurements on certain entangled nonlocal states, namely, on a range of entangled two-qubit Werner states. To prove this result, we introduce a technique for upper bounding the asymptotic key rate of device-independent quantum key distribution protocols, based on a simple eavesdropping attack. Our results imply that either different reconciliation techniques are needed for device-independent quantum key distribution in the large-noise regime, or Bell nonlocality is not sufficient for this task.

Figure 1

Upper bounds on the two-way key rate for the standard CHSH protocol in terms of the visibility. The dotted line is the upper bound from [15], the dashed line is the upper bound from [17], and the solid line is the bound in Eq. (14). Note that the visibility can be converted into the CHSH violation $S$ via $S=2\sqrt{2}v$. The shaded area represents the lower bound from [1].