Entropy Bounds for Multiparty Device-Independent Cryptography

Multiparty quantum cryptography based on distributed entanglement will find its natural application in the upcoming quantum networks. The security of many multipartite device-independent (DI) protocols, such as DI conference-key agreement, relies on bounding the von Neumann entropy of the parties’ outcomes conditioned on the eavesdropper’s information, given the violation of a multipartite Bell inequality. We consider three parties testing the Mermin-Ardehali-Belinskii-Klyshko (MABK) inequality and certify the privacy of their outcomes by bounding the conditional entropy of a single party’s outcome and the joint conditional entropy of two parties’ outcomes. From the former bound, we show that genuine multipartite entanglement is necessary to certify the privacy of a party’s outcome, while the latter significantly improves previous results. We obtain the entropy bounds thanks to two general results of independent interest. The first one drastically simplifies the quantum setup of an $N$-partite Bell scenario. The second one provides an upper bound on the violation of the MABK inequality by an arbitrary $N$-qubit state, as a function of the state’s parameters.

Popular Summary

It is now widely accepted that the properties of quantum systems can be truly random while being highly correlated with the properties of other distant systems. Such correlations are said to be nonlocal, disproving our intuitive assumption that measuring a property of a system merely reveals a local pre-existing value. Remarkably, when nonlocality is observed in the outcomes of a set of parties measuring their quantum systems, one can infer that a party’s outcome is secret to some extent. Secret randomness is a crucial cryptographic primitive and nonlocality allows its certification regardless of the details of the physical implementation, namely in a device-independent manner. The challenge is to quantify the amount of secret randomness generated given the observed nonlocal correlations. Our paper provides the tools to certify the secret randomness generated by three or more parties (e.g., in a quantum network) when their measurement outcomes are nonlocally correlated.

The nonlocality of correlations is quantified by the violation of a given correlation inequality (Bell inequality), involving the outcomes of each collaborating party. We certify the fraction of secret bits in a single party’s outcome and in two parties’ outcomes by appropriate conditional entropies. In particular, we derive analytical expressions for the entropies that solely depend on the observed Bell violation. The derived conditional entropies play a fundamental role in the security proof of multiparty device-independent quantum-cryptographic protocols. Indeed, they determine the length of the bitstrings generated by randomness expansion and key agreement protocols.

Figure 1

Alice, Bob, and Charlie generate device-independent randomness from the input-output correlations of their unknown quantum devices by testing the MABK inequality. Each device is equipped with two inputs and two outputs. The eavesdropper Eve might hold a quantum memory $E$ entangled with the parties’ devices and use it to guess their outcomes $X$, $Y$, or $Z$. We quantify Eve’s uncertainty on Alice’s outcome $X$ by computing the conditional von Neumann entropy $H(X|E)$. Additionally, we assume that Alice and Bob are colocated and collaborate to generate global randomness from their outcomes $X$ and $Y$. We quantify Eve’s joint uncertainty on their outcomes by computing $H(XY|E)$.

Figure 2

Analytical lower bound on the conditional von Neumann entropy $H(X|E_{\mathrm{tot}})$ as a function of the MABK inequality violation [green line, Eq. (29)] observed by three parties. We compare it to the numerical optimization of Eq. (22) (blue line), whose convex hull (dashed orange) yields an upper limit on the lowest value of $H(X|E_{\mathrm{tot}})$. We notice that Eve has no uncertainty on Alice’s outcome $X$ for violations below the genuine multipartite entanglement (GME) threshold.

Figure 3

Analytical lower bound on the conditional von Neumann entropy $H(XY|E_{\mathrm{tot}})$ [green line, Eq. (39)] as a function of the MABK violation observed by three parties. We compare it to the lower bound on the conditional min-entropy $H_{\min }(XY|E_{\mathrm{tot}})$ derived in Ref. [50] (magenta line) and to the numerical solution of Eq. (34) (blue line), whose convex hull (dashed orange) yields an upper limit on the lowest value of $H(XY|E_{\mathrm{tot}})$. Our bound dramatically improves the one in Ref. [50] since it directly bounds the von Neumann entropy. Unlike the case of $H(X|E_{\mathrm{tot}})$ in Fig. 2, Eve’s uncertainty on outcomes $X$ and $Y$ is nonzero even for violations below the GME threshold.