quantum-computing

A consolidated and accessible security proof for finite-size decoy-state quantum key distribution

Quantum Journal

30 min read

0 likes

A consolidated and accessible security proof for finite-size decoy-state quantum key distribution

Summarize this article with:

AbstractIn recent years, quantum key distribution (QKD) has evolved from a scientific research field to a commercially available security solution, supported by mathematically formulated security proofs. However, since the knowledge required for a full understanding of a security proof is scattered across numerous publications, it has proven difficult to gain a comprehensive understanding of all steps involved in the process and their limitations without considerable effort and attention to detail. Our paper aims to address this issue by providing a rigorous and comprehensive security proof for the finite-size 1-decoy and 2-decoy BB84 protocols against coherent attacks within Renner's entropic uncertainty relation framework. We resolve important technical flaws found in previous works regarding the fixed-length treatment of protocols and the careful handling of acceptance testing. To this end, we provide various technical arguments, including an analysis accounting for the important distinction of the 1-decoy protocol where statistics are computed after error correction, along with a slight improvement of the secure-key length. We also explicitly clarify the aspect of conditioning on events, addressing a technical detail often overlooked and essential for rigorous proofs. We extensively consolidate and unify concepts from many works, thoroughly discussing the underlying assumptions and resolving technical inconsistencies. Therefore, our contribution represents a significant advancement towards a broader and deeper understanding of QKD security proofs.Featured image: Structure of the security proof for decoy-state BB84 presented in this work.► BibTeX data@article{Wiesemann2026consolidated, doi = {10.22331/q-2026-03-23-2037}, url = {https://doi.org/10.22331/q-2026-03-23-2037}, title = {A consolidated and accessible security proof for finite-size decoy-state quantum key distribution}, author = {Wiesemann, Jerome and Krause, Jan and Tupkary, Devashish and L{\"{u}}tkenhaus, Norbert and Rusca, Davide and Walenta, Nino}, journal = {{Quantum}}, issn = {2521-327X}, publisher = {{Verein zur F{\"{o}}rderung des Open Access Publizierens in den Quantenwissenschaften}}, volume = {10}, pages = {2037}, month = mar, year = {2026} }► References [1] R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120–126, 1978, 10.1145/359340.359342. https://doi.org/10.1145/359340.359342 [2] W. Diffie and M. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 22(6):644–654, 1976, 10.1109/TIT.1976.1055638. https://doi.org/10.1109/TIT.1976.1055638 [3] N. Koblitz. Elliptic curve cryptosystems. Mathematics of Computation, 48(177):203–209, 1987, 10.1090/S0025-5718-1987-0866109-5. https://doi.org/10.1090/S0025-5718-1987-0866109-5 [4] V. S. Miller. Use of elliptic curves in cryptography. In H. C. Williams, editor, Advances in Cryptology — CRYPTO '85 Proceedings, pages 417–426, Berlin, Heidelberg, 1986.

Springer Berlin Heidelberg, 10.1007/3-540-39799-X_31. https://doi.org/10.1007/3-540-39799-X_31 [5] C. E. Shannon. Communication theory of secrecy systems.

The Bell System Technical Journal, 28(4):656–715, 1949, 10.1002/j.1538-7305.1949.tb00928.x. https://doi.org/10.1002/j.1538-7305.1949.tb00928.x [6] W. K. Wootters and W. H. Zurek. A single quantum cannot be cloned. Nature, 299(5886):802–803, 1982, 10.1038/299802a0. https://doi.org/10.1038/299802a0 [7] P. Shor and J. Preskill. Simple Proof of Security of the BB84 Quantum Key Distribution Protocol.

Physical Review Letters, 85:441–444, 2000, 10.1103/PhysRevLett.85.441. https://doi.org/10.1103/PhysRevLett.85.441 [8] R. Canetti. Universally composable security: a new paradigm for cryptographic protocols. In Proceedings 42nd IEEE Symposium on Foundations of Computer Science, pages 136–145, 2001, 10.1109/SFCS.2001.959888. https://doi.org/10.1109/SFCS.2001.959888 [9] D. Mayers. Unconditional security in quantum cryptography. J. ACM, 48(3):351–406, 2001, 10.1145/382780.382781. https://doi.org/10.1145/382780.382781 [10] N. Gisin, G. Ribordy, W. Tittel, and H. Zbinden. Quantum Cryptography. Reviews of Modern Physics, 74(1):145–195, 2002, 10.1103/RevModPhys.74.145. https://doi.org/10.1103/RevModPhys.74.145 [11] V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dusek, N. Lütkenhaus, and M. Peev. The Security of Practical Quantum Key Distribution. Reviews of Modern Physics, 81(3):1301–1350, 2009, 10.1103/RevModPhys.81.1301. https://doi.org/10.1103/RevModPhys.81.1301 [12] C. Portmann and R. Renner. Security in Quantum Cryptography. Reviews of Modern Physics, 94(2):025008, 2022, 10.1103/RevModPhys.94.025008. https://doi.org/10.1103/RevModPhys.94.025008 [13] G. Brassard. Brief history of quantum cryptography: a personal perspective. In IEEE Information Theory Workshop on Theory and Practice in Information-Theoretic Security, page 19–23. IEEE, 2005, 10.1109/itwtpi.2005.1543949. https://doi.org/10.1109/itwtpi.2005.1543949 [14] C. H. Bennett and G. Brassard. Quantum cryptography: Public key distribution and coin tossing.

Theoretical Computer Science, 560:7–11, 1984, 10.1016/j.tcs.2014.05.025. https://doi.org/10.1016/j.tcs.2014.05.025 [15] A. Boaron, G. Boso, D. Rusca, C. Vulliez, C. Autebert, M. Caloz, M. Perrenoud, G. Gras, F. Bussières, M.-J. Li, D. Nolan, A. Martin, and H. Zbinden.

Secure Quantum Key Distribution over 421 km of Optical Fiber.

Physical Review Letters, 121(19):190502, 2018, 10.1103/PhysRevLett.121.190502. https://doi.org/10.1103/PhysRevLett.121.190502 [16] C. Bennett, F. Bessette, G. Brassard, L. Salvail, and J. Smolin. Experimental quantum cryptography. Journal of Cryptology, 1992, 10.1007/BF00191318. https://doi.org/10.1007/BF00191318 [17] B. Huttner, N. Imoto, N. Gisin, and T. Mor. Quantum cryptography with coherent states. Physical Review A, 51(3):1863–1869, 1995, 10.1103/PhysRevA.51.1863. https://doi.org/10.1103/PhysRevA.51.1863 [18] N. Lütkenhaus and M. Jahma. Quantum key distribution with realistic states: photon-number statistics in the photon-number splitting attack. New Journal of Physics, 4:44–44, 2002, 10.1088/1367-2630/4/1/344. https://doi.org/10.1088/1367-2630/4/1/344 [19] W.-Y. Hwang.

Quantum Key Distribution with High Loss: Toward Global Secure Communication.

Physical Review Letters, 91(5):057901, 2003, 10.1103/PhysRevLett.91.057901. https://doi.org/10.1103/PhysRevLett.91.057901 [20] X.-B. Wang. Beating the photon-number-splitting attack in practical quantum cryptography.

Physical Review Letters, 94(23):230503, 2005, 10.1103/PhysRevLett.94.230503. https://doi.org/10.1103/PhysRevLett.94.230503 [21] H.-K. Lo, X. Ma, and K. Chen.

Decoy State Quantum Key Distribution.

Physical Review Letters, 94(23):230504, 2005, 10.1103/PhysRevLett.94.230504. https://doi.org/10.1103/PhysRevLett.94.230504 [22] N. Lütkenhaus. Security against individual attacks for realistic quantum key distribution. Physical Review A, 61(5):052304, 2000, 10.1103/PhysRevA.61.052304. https://doi.org/10.1103/PhysRevA.61.052304 [23] V. Scarani, A. Acín, G. Ribordy, and N. Gisin. Quantum cryptography protocols robust against photon number splitting attacks for weak laser pulse implementations.

Physical Review Letters, 92(5), 2004, 10.1103/physrevlett.92.057901. https://doi.org/10.1103/physrevlett.92.057901 [24] R. Renner. Security of quantum key distribution, 2005, 10.48550/arXiv.quant-ph/0512258. https://doi.org/10.48550/arXiv.quant-ph/0512258 arXiv:quant-ph/0512258 [25] L. Kamin, A. Arqand, I. George, N. Lütkenhaus, and E. Y.-Z. Tan. Finite-Size Analysis of Prepare-and-Measure and Decoy-State Quantum Key Distribution via Entropy Accumulation. PRX Quantum, 6(2):020342, 2025, 10.1103/PRXQuantum.6.020342. https://doi.org/10.1103/PRXQuantum.6.020342 [26] C. C. W. Lim, M. Curty, N. Walenta, F. Xu, and H. Zbinden. Concise security bounds for practical decoy-state quantum key distribution. Physical Review A, 89(2):022307, 2014, 10.1103/PhysRevA.89.022307. https://doi.org/10.1103/PhysRevA.89.022307 [27] D. Rusca, A. Boaron, F. Grünenfelder, A. Martin, and H. Zbinden. Finite-key analysis for the 1-decoy state QKD protocol.

Applied Physics Letters, 112(17):171104, 2018, 10.1063/1.5023340. https://doi.org/10.1063/1.5023340 [28] M. Tomamichel, C. Schaffner, A. Smith, and R. Renner. Leftover hashing against quantum side information. IEEE Transactions on Information Theory, 57(8):5524–5535, 2011, 10.1109/tit.2011.2158473. https://doi.org/10.1109/tit.2011.2158473 [29] X. Ma, B. Qi, Y. Zhao, and H.-K. Lo. Practical decoy state for quantum key distribution. Physical Review A, 72(1):012326, 2005, 10.1103/PhysRevA.72.012326. https://doi.org/10.1103/PhysRevA.72.012326 [30] L. Kamin and N. Lütkenhaus. Improved decoy-state and flag-state squashing methods.

Physical Review Research, 6(4):043223, 2024, 10.1103/PhysRevResearch.6.043223. https://doi.org/10.1103/PhysRevResearch.6.043223 [31] A. Ekert. Quantum cryptography based on Bell's theorem.

Physical Review Letters, 67:661–663, 1991, 10.1103/PhysRevLett.67.661. https://doi.org/10.1103/PhysRevLett.67.661 [32] H.-K. Lo, M. Curty, and B. Qi. Measurement-device-independent quantum key distribution.

Physical Review Letters, 108(13), 2012, 10.1103/physrevlett.108.130503. https://doi.org/10.1103/physrevlett.108.130503 [33] M. Lucamarini, Z. L. Yuan, J. F. Dynes, and A. J. Shields. Overcoming the rate–distance limit of quantum key distribution without quantum repeaters. Nature, 557(7705):400–403, 2018, 10.1038/s41586-018-0066-6. https://doi.org/10.1038/s41586-018-0066-6 [34] P. Zeng, H. Zhou, W. Wu, and X. Ma. Mode-pairing quantum key distribution. Nature Communications, 13(1):3903, 2022, 10.1038/s41467-022-31534-7. https://doi.org/10.1038/s41467-022-31534-7 [35] M. Tomamichel and A. Leverrier. A largely self-contained and complete security proof for quantum key distribution. Quantum, 1:14, 2017, 10.22331/q-2017-07-14-14. https://doi.org/10.22331/q-2017-07-14-14 [36] M. Tomamichel, C. C. W. Lim, N. Gisin, and R. Renner. Tight finite-key analysis for quantum cryptography. Nature Communications, 3(1), 2012, 10.1038/ncomms1631. https://doi.org/10.1038/ncomms1631 [37] D. Tupkary, S. Nahar, P. Sinha, and N. Lütkenhaus. Phase error rate estimation in QKD with imperfect detectors. Quantum, 9:1937, 2025, 10.22331/q-2025-12-11-1937. https://doi.org/10.22331/q-2025-12-11-1937 [38] German Federal Office for Information Security. Implementation Attacks against QKD Systems, 2024. https://www.bsi.bund.de/EN/Service-Navi/Publikationen/Studien/QKD-Systems/Implementation_Attacks_QKD_Systems_node.html Last accessed on 18-05-24. https://www.bsi.bund.de/EN/Service-Navi/Publikationen/Studien/QKD-Systems/Implementation_Attacks_QKD_Systems_node.html [39] N. Jain, B. Stiller, I. Khan, D. Elser, C. Marquardt, and G. Leuchs. Attacks on practical quantum key distribution systems (and how to prevent them). Contemporary Physics, 57(3):366–387, 2016, 10.1080/00107514.2016.1148333. https://doi.org/10.1080/00107514.2016.1148333 [40] S. Sajeed, P. Chaiwongkhot, A. Huang, H. Qin, V. Egorov, A. Kozubov, A. Gaidash, V. Chistiakov, A. Vasiliev, A. Gleim, and V. Makarov. An approach for security evaluation and certification of a complete quantum communication system. Scientific Reports, 11(1):5110, 2021, 10.1038/s41598-021-84139-3. https://doi.org/10.1038/s41598-021-84139-3 [41] V. Makarov, A. Abrikosov, P. Chaiwongkhot, A. K. Fedorov, A. Huang, E. Kiktenko, M. Petrov, A. Ponosova, D. Ruzhitskaya, A. Tayduganov, D. Trefilov, and K. Zaitsev. Preparing a commercial quantum key distribution system for certification against implementation loopholes.

Physical Review Applied, 22(4):044076, 2024, 10.1103/PhysRevApplied.22.044076. https://doi.org/10.1103/PhysRevApplied.22.044076 [42] M. Tomamichel and R. Renner.

The Uncertainty Relation for Smooth Entropies.

Physical Review Letters, 106(11):110506, 2011, 10.1103/PhysRevLett.106.110506. https://doi.org/10.1103/PhysRevLett.106.110506 [43] S. Nahar, D. Tupkary, Y. Zhao, N. Lütkenhaus, and E. Y.-Z. Tan. Postselection technique for optical quantum key distribution with improved de finetti reductions. PRX Quantum, 5:040315, 2024, 10.1103/PRXQuantum.5.040315. https://doi.org/10.1103/PRXQuantum.5.040315 [44] M. Christandl, R. König, and R. Renner. Postselection Technique for Quantum Channels with Applications to Quantum Cryptography.

Physical Review Letters, 102(2):020504, 2009, 10.1103/PhysRevLett.102.020504. https://doi.org/10.1103/PhysRevLett.102.020504 [45] T. Metger and R. Renner. Security of quantum key distribution from generalised entropy accumulation. Nature Communications, 14(1):5272, 2023, 10.1038/s41467-023-40920-8. https://doi.org/10.1038/s41467-023-40920-8 [46] M. Koashi. Simple security proof of quantum key distribution based on complementarity. New Journal of Physics, 11(4):045018, 2009, 10.1088/1367-2630/11/4/045018. https://doi.org/10.1088/1367-2630/11/4/045018 [47] S. Pirandola, U. L. Andersen, L. Banchi, M. Berta, D. Bunandar, R. Colbeck, D. Englund, T. Gehring, C. Lupo, C. Ottaviani, J. Pereira, M. Razavi, J. S. Shaari, M. Tomamichel, V. C. Usenko, G. Vallone, P. Villoresi, and P. Wallden. Advances in Quantum Cryptography. Advances in Optics and Photonics, 12(4):1012, 2020, 10.1364/AOP.361502. https://doi.org/10.1364/AOP.361502 [48] R. Wolf.

Quantum Key Distribution: An Introduction with Exercises, volume 988.

Springer International Publishing, Cham, 2021, 10.1007/978-3-030-73991-1. https://doi.org/10.1007/978-3-030-73991-1 [49] F. Grasselli. Quantum Cryptography: From Key Distribution to Conference Key Agreement. Quantum Science and Technology.

Springer International Publishing, Cham, 2021, 10.1007/978-3-030-64360-7. https://doi.org/10.1007/978-3-030-64360-7 [50] J. Audretsch. Entangled Systems: New Directions in Quantum Physics. John Wiley & Sons, Ltd, 2007, 10.1002/9783527619153. https://doi.org/10.1002/9783527619153 [51] M. Nielsen and I. Chuang. Quantum Computation and Quantum Information: 10th Anniversary Edition.

Cambridge University Press, 2010, 10.1017/CBO9780511976667. https://doi.org/10.1017/CBO9780511976667 [52] M. N. Wegman and J. L. Carter. New hash functions and their use in authentication and set equality. Journal of Computer and System Sciences, 22(3):265–279, 1981, 10.1016/0022-0000(81)90033-7. https://doi.org/10.1016/0022-0000(81)90033-7 [53] D. R. Stinson. Universal hashing and authentication codes. Designs, Codes and Cryptography, 4(3):369–380, 1994, 10.1007/BF01388651. https://doi.org/10.1007/BF01388651 [54] C. Portmann. Key recycling in authentication. IEEE Transactions on Information Theory, 60(7):4383–4396, 2014, 10.1109/TIT.2014.2317312. https://doi.org/10.1109/TIT.2014.2317312 [55] D. Tupkary, E. Y.-Z. Tan, and N. Lütkenhaus. Security proof for variable-length quantum key distribution. Phys. Rev. Res., 6:023002, 2024, 10.1103/PhysRevResearch.6.023002. https://doi.org/10.1103/PhysRevResearch.6.023002 [56] M. Hayashi and T. Tsurumaru. Concise and tight security analysis of the Bennett–Brassard 1984 protocol with finite key lengths. New Journal of Physics, 14(9):093014, 2012, 10.1088/1367-2630/14/9/093014. https://doi.org/10.1088/1367-2630/14/9/093014 [57] S. Kawakami, T. Sasaki, and M. Koashi. Finite-key analysis for quantum key distribution with weak coherent pulses based on Bernoulli sampling. Physical Review A, 96(1):012305, 2017, 10.1103/PhysRevA.96.012305. https://doi.org/10.1103/PhysRevA.96.012305 [58] G. Currás-Lorenzo, A. Navarrete, K. Azuma, G. Kato, M. Curty, and M. Razavi. Tight finite-key security for twin-field quantum key distribution. npj Quantum Information, 7(1):1–9, 2021, 10.1038/s41534-020-00345-3. https://doi.org/10.1038/s41534-020-00345-3 [59] I. George, J. Lin, and N. Lütkenhaus. Numerical calculations of the finite key rate for general quantum key distribution protocols.

Physical Review Research, 3(1):013274, 2021, 10.1103/PhysRevResearch.3.013274. https://doi.org/10.1103/PhysRevResearch.3.013274 [60] V. Mannalath, V. Zapatero, and M. Curty.

Sharp Finite Statistics for Quantum Key Distribution.

Physical Review Letters, 135(2):020803, 2025, 10.1103/l735-x48g. https://doi.org/10.1103/l735-x48g [61] C. Pfister, N. Lütkenhaus, S. Wehner, and P. J. Coles. Sifting attacks in finite-size quantum key distribution. New Journal of Physics, 18(5):053001, 2016, 10.1088/1367-2630/18/5/053001. https://doi.org/10.1088/1367-2630/18/5/053001 [62] K. Tamaki, H.-K. Lo, A. Mizutani, G. Kato, C. C. W. Lim, K. Azuma, and M. Curty. Security of quantum key distribution with iterative sifting. Quantum Science and Technology, 3(1):014002, 2018, 10.1088/2058-9565/aa89bd. https://doi.org/10.1088/2058-9565/aa89bd [63] Marco Tomamichel.

Quantum Information Processing with Finite Resources.

Springer International Publishing, 2016, 10.1007/978-3-319-21891-5. https://doi.org/10.1007/978-3-319-21891-5 [64] M. Tomamichel. A Framework for Non-Asymptotic Quantum Information Theory, 2012, 10.48550/arxiv.1203.2142. https://doi.org/10.48550/arxiv.1203.2142 [65] M. Wilde. From Classical to Quantum Shannon Theory.

Cambridge University Press, 2016, 10.1017/9781316809976.001. https://doi.org/10.1017/9781316809976.001 [66] A. Tsybakov. Introduction to Nonparametric Estimation. Springer series in statistics. Springer, Dordrecht, 2009, 10.1007/b13794. https://doi.org/10.1007/b13794 [67] N. Smart. Cryptography: An Introduction, 3rd Edition. Mcgraw-Hill College, 2004. [68] G. S. Vernam. Cipher printing telegraph systems: For secret wire and radio telegraphic communications. Journal of the A.I.E.E., 45(2):109–115, 1926, 10.1109/JAIEE.1926.6534724. https://doi.org/10.1109/JAIEE.1926.6534724 [69] M. Herrero-Collantes and J. C. Garcia-Escartin. Quantum random number generators. Reviews of Modern Physics, 89(1):015004, 2017, 10.1103/RevModPhys.89.015004. https://doi.org/10.1103/RevModPhys.89.015004 [70] R. Colbeck and R. Renner. No extension of quantum theory can have improved predictive power. Nature Communications, 2(1):411, 2011, 10.1038/ncomms1416. https://doi.org/10.1038/ncomms1416 [71] Carla Ferradini, Martin Sandfuchs, Ramona Wolf, and Renato Renner. Defining security in quantum key distribution, 2025, 10.48550/arXiv.2509.13405. https://doi.org/10.48550/arXiv.2509.13405 [72] D. Tupkary, S. Nahar, and E. Y.-Z. Tan. Authentication in Security Proofs for Quantum Key Distribution, 2026, 10.48550/arXiv.2601.17960. https://doi.org/10.48550/arXiv.2601.17960 [73] N. Mosca, D. Stebila, and B. Ustaoglu. Quantum key distribution in the classical authenticated key exchange framework, 2012, 10.48550/arXiv.1206.6150. https://doi.org/10.48550/arXiv.1206.6150 [74] G. Currás-Lorenzo, M. Pereira, G. Kato, M. Curty, and K. Tamaki. Security framework for quantum key distribution with imperfect sources. Optica Quantum, 3(6):525–534, 2025, 10.1364/OPTICAQ.569424. https://doi.org/10.1364/OPTICAQ.569424 [75] V. Zapatero, Á. Navarrete, and M. Curty. Implementation security in quantum key distribution.

Advanced Quantum Technologies, 8(2):2300380, 2025, https://doi.org/10.1002/qute.202300380. https://doi.org/10.1002/qute.202300380 [76] S. Pironio, A. Acín, N. Brunner, N. Gisin, S. Massar, and V. Scarani. Device-independent quantum key distribution secure against collective attacks. New Journal of Physics, 11(4):045021, 2009, 10.1088/1367-2630/11/4/045021. https://doi.org/10.1088/1367-2630/11/4/045021 [77] E. Biham, M. Boyer, P. O. Boykin, T. Mor, and V. Roychowdhury. A Proof of the Security of Quantum Key Distribution, 2005, 10.48550/arXiv.quant-ph/0511175. https://doi.org/10.48550/arXiv.quant-ph/0511175 arXiv:quant-ph/0511175 [78] J. Müller-Quade and R. Renner. Composability in quantum cryptography. New Journal of Physics, 11(8):085006, 2009, 10.1088/1367-2630/11/8/085006. https://doi.org/10.1088/1367-2630/11/8/085006 [79] B. Schneier. Applied Cryptography: Protocols, Algorithms, and Source Code in C. John Wiley & Sons Inc, 1996. [80] J. Carter and M. Wegman. Universal classes of hash functions. Journal of Computer and System Sciences, 18(2):143–154, 1979, 10.1016/0022-0000(79)90044-8. https://doi.org/10.1016/0022-0000(79)90044-8 [81] M. Tomamichel, J. Martinez-Mateo, C. Pacher, and D. Elkouss.

Fundamental Finite Key Limits for One-Way Information Reconciliation in Quantum Key Distribution.

Quantum Information Processing, 16(11):280, 2017, 10.1007/s11128-017-1709-5. https://doi.org/10.1007/s11128-017-1709-5 [82] H. Tyagi and A. Vardy. Universal Hashing for Information-Theoretic Security. Proceedings of the IEEE, 103(10):1781–1795, 2015, 10.1109/JPROC.2015.2462774. https://doi.org/10.1109/JPROC.2015.2462774 [83] R. Renner and R. König. Universally composable privacy amplification against quantum adversaries.

In Joe Kilian, editor, Theory of Cryptography, pages 407–425, Berlin, Heidelberg, 2005.

Springer Berlin Heidelberg, 10.1007/978-3-540-30576-7_22. https://doi.org/10.1007/978-3-540-30576-7_22 [84] R. Konig, R. Renner, and C. Schaffner. The operational meaning of min- and max-entropy. IEEE Transactions on Information Theory, 55(9):4337–4347, 2009, 10.1109/tit.2009.2025545. https://doi.org/10.1109/tit.2009.2025545 [85] M. Tomamichel, R. Colbeck, and R. Renner.

Duality Between Smooth Min- and Max-Entropies. IEEE Transactions on Information Theory, 56(9):4674–4681, 2010, 10.1109/TIT.2010.2054130. https://doi.org/10.1109/TIT.2010.2054130 [86] A. Vitanov, F. Dupuis, M. Tomamichel, and R. Renner. Chain rules for smooth min- and max-entropies. IEEE Transactions on Information Theory, 59(5):2603–2612, 2013, 10.1109/tit.2013.2238656. https://doi.org/10.1109/tit.2013.2238656 [87] M. Curty, M. Lewenstein, and N. Lütkenhaus. Entanglement as a precondition for secure quantum key distribution. Phys. Rev. Lett., 92:217903, 2004, 10.1103/PhysRevLett.92.217903. https://doi.org/10.1103/PhysRevLett.92.217903 [88] A. Ferenczi and N. Lütkenhaus. Symmetries in quantum key distribution and the connection between optimal attacks and optimal cloning. Phys. Rev. A, 85:052310, 2012, 10.1103/PhysRevA.85.052310. https://doi.org/10.1103/PhysRevA.85.052310 [89] P. J. Coles, R. M. Metodiev, and N. Lütkenhaus. Numerical approach for unstructured quantum key distribution. Nature Communications, 7(1):11712, 2016, 10.1038/ncomms11712. https://doi.org/10.1038/ncomms11712 [90] A. Ekert and R. Renner. The ultimate physical limits of privacy. Nature, 507(7493):443–447, 2014, 10.1038/nature13132. https://doi.org/10.1038/nature13132 [91] C. C. W. Lim. Tight security bounds for quantum key distribution. PhD thesis, Université de Genève, 2014. [92] R. J. Serfling. Probability Inequalities for the Sum in Sampling without Replacement. The Annals of Statistics, 2(1):39–48, 1974, 10.1214/aos/1176342611. https://doi.org/10.1214/aos/1176342611 [93] H.-K. Lo and J. Preskill. Security of quantum key distribution using weak coherent states with nonrandom phases, 2007, 10.48550/arXiv.quant-ph/0610203. https://doi.org/10.48550/arXiv.quant-ph/0610203 arXiv:quant-ph/0610203 [94] M. O. Scully and M. S. Zubairy. Quantum Optics.

Cambridge University Press, 1997. [95] G. Currás-Lorenzo, S. Nahar, N. Lütkenhaus, K. Tamaki, and M. Curty. Security of quantum key distribution with imperfect phase randomisation. Quantum Science and Technology, 9(1):015025, 2024, 10.1088/2058-9565/ad141c. https://doi.org/10.1088/2058-9565/ad141c [96] X. Sixto, G. Currás-Lorenzo, K. Tamaki, and M. Curty. Secret key rate bounds for quantum key distribution with faulty active phase randomization. EPJ Quantum Technology, 10(1):53, 2023, 10.1140/epjqt/s40507-023-00210-0. https://doi.org/10.1140/epjqt/s40507-023-00210-0 [97] S. Nahar, T. Upadhyaya, and N. Lütkenhaus. Imperfect phase randomization and generalized decoy-state quantum key distribution. Phys. Rev. Appl., 20:064031, 2023, 10.1103/PhysRevApplied.20.064031. https://doi.org/10.1103/PhysRevApplied.20.064031 [98] W. Hoeffding. Probability Inequalities for Sums of Bounded Random Variables. Journal of the American Statistical Association, 58(301):13–30, 1963, 10.2307/2282952. https://doi.org/10.2307/2282952 [99] M. Curty, F. Xu, W. Cui, C. Lim, K. Tamaki, and H.-K. Lo. Finite-key analysis for measurement-device-independent quantum key distribution. Nature Communications, 5(1), 2014, 10.1038/ncomms4732. https://doi.org/10.1038/ncomms4732 [100] D. Tupkary, E. Y.-Z. Tan, S. Nahar, L. Kamin, and N. Lütkenhaus. QKD security proofs for decoy-state BB84: protocol variations, proof techniques, gaps and limitations, 2025, 10.48550/arXiv.2502.10340. https://doi.org/10.48550/arXiv.2502.10340 [101] A. Arqand and E. Y.-Z. Tan. Marginal-constrained entropy accumulation theorem, 2025, 10.48550/arXiv.2502.02563. https://doi.org/10.48550/arXiv.2502.02563 [102] L. Kamin, J. Burniston, and E. Y.-Z. Tan. Rényi security framework against coherent attacks applied to decoy-state QKD, 2025, 10.48550/arXiv.2504.12248. https://doi.org/10.48550/arXiv.2504.12248 [103] L. Kamin. From Asymptotic to Finite-Size Security in Decoy-State Quantum Key Distribution. PhD thesis, University of Waterloo, 2026. In preparation. [104] M. Lucamarini, I. Choi, M. B. Ward, J. F. Dynes, Z. L. Yuan, and A. J. Shields.

Practical Security Bounds Against the Trojan-Horse Attack in Quantum Key Distribution. Physical Review X, 5(3):031030, 2015, 10.1103/PhysRevX.5.031030. https://doi.org/10.1103/PhysRevX.5.031030 [105] W. Wang, K. Tamaki, and M. Curty. Finite-key security analysis for quantum key distribution with leaky sources. New Journal of Physics, 20(8):083027, 2018, 10.1088/1367-2630/aad839. https://doi.org/10.1088/1367-2630/aad839 [106] Y. Zhang, P. J. Coles, A. Winick, J. Lin, and N. Lütkenhaus. Security proof of practical quantum key distribution with detection-efficiency mismatch.

Physical Review Research, 3(1):013076, 2021, 10.1103/PhysRevResearch.3.013076. https://doi.org/10.1103/PhysRevResearch.3.013076 [107] G. Wiesemann. Quantum key distribution secure-key rate simulation (1-decoy BB84). https://github.com/JeromeWiesemann/Quantum-key-distribution-secure-key-rate-simulation-1-decoy-BB84, 2025. Accessed: 2025-12-03. https://github.com/JeromeWiesemann/Quantum-key-distribution-secure-key-rate-simulation-1-decoy-BB84 [108] H.-K. Lo and J. Preskill. Phase randomization improves the security of quantum key distribution, 2005, 10.48550/arXiv.quant-ph/0504209. https://doi.org/10.48550/arXiv.quant-ph/0504209 arXiv:quant-ph/0504209Cited byCould not fetch Crossref cited-by data during last attempt 2026-03-23 08:18:50: Could not fetch cited-by data for 10.22331/q-2026-03-23-2037 from Crossref. This is normal if the DOI was registered recently. Could not fetch ADS cited-by data during last attempt 2026-03-23 08:18:50: No response from ADS or unable to decode the received json data when getting the list of citing works.This Paper is published in Quantum under the Creative Commons Attribution 4.0 International (CC BY 4.0) license. Copyright remains with the original copyright holders such as the authors or their institutions. AbstractIn recent years, quantum key distribution (QKD) has evolved from a scientific research field to a commercially available security solution, supported by mathematically formulated security proofs. However, since the knowledge required for a full understanding of a security proof is scattered across numerous publications, it has proven difficult to gain a comprehensive understanding of all steps involved in the process and their limitations without considerable effort and attention to detail. Our paper aims to address this issue by providing a rigorous and comprehensive security proof for the finite-size 1-decoy and 2-decoy BB84 protocols against coherent attacks within Renner's entropic uncertainty relation framework. We resolve important technical flaws found in previous works regarding the fixed-length treatment of protocols and the careful handling of acceptance testing. To this end, we provide various technical arguments, including an analysis accounting for the important distinction of the 1-decoy protocol where statistics are computed after error correction, along with a slight improvement of the secure-key length. We also explicitly clarify the aspect of conditioning on events, addressing a technical detail often overlooked and essential for rigorous proofs. We extensively consolidate and unify concepts from many works, thoroughly discussing the underlying assumptions and resolving technical inconsistencies. Therefore, our contribution represents a significant advancement towards a broader and deeper understanding of QKD security proofs.Featured image: Structure of the security proof for decoy-state BB84 presented in this work.► BibTeX data@article{Wiesemann2026consolidated, doi = {10.22331/q-2026-03-23-2037}, url = {https://doi.org/10.22331/q-2026-03-23-2037}, title = {A consolidated and accessible security proof for finite-size decoy-state quantum key distribution}, author = {Wiesemann, Jerome and Krause, Jan and Tupkary, Devashish and L{\"{u}}tkenhaus, Norbert and Rusca, Davide and Walenta, Nino}, journal = {{Quantum}}, issn = {2521-327X}, publisher = {{Verein zur F{\"{o}}rderung des Open Access Publizierens in den Quantenwissenschaften}}, volume = {10}, pages = {2037}, month = mar, year = {2026} }► References [1] R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120–126, 1978, 10.1145/359340.359342. https://doi.org/10.1145/359340.359342 [2] W. Diffie and M. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 22(6):644–654, 1976, 10.1109/TIT.1976.1055638. https://doi.org/10.1109/TIT.1976.1055638 [3] N. Koblitz. Elliptic curve cryptosystems. Mathematics of Computation, 48(177):203–209, 1987, 10.1090/S0025-5718-1987-0866109-5. https://doi.org/10.1090/S0025-5718-1987-0866109-5 [4] V. S. Miller. Use of elliptic curves in cryptography. In H. C. Williams, editor, Advances in Cryptology — CRYPTO '85 Proceedings, pages 417–426, Berlin, Heidelberg, 1986.