# Quantum cryptography theory has a proven security defect

Researchers at Tamagawa University, Quantum ICT Research Institute, announced today that they had proved the incompleteness and limit of the security theory in quantum key distribution. They showed that the present theory cannot guarantee unconditional security.

Until now, the majority of researchers in quantum information science have believed that quantum cryptography (quantum key distribution) can provide unconditional security. The guarantee of its unconditional security is given by the trace distance, which is a quantum version of the evaluation of a mathematical cipher.

However, since 2006, new developments in the field have cast criticism over the meaningful security of cryptography ensured only by the trace distance. Despite these criticisms, many papers have continued to claim that the trace distance guarantees unconditional security in quantum key distribution.

Researchers at Quantum ICT have now succeeded in clarifying a logical path between the present theory and criticisms of it. Consequently, they have proved that the present theory does not work to quantify security, and cannot provide the unconditional security given in Shannon’s theory, the theory that rigorously defines the security for an unbreakable cipher.

The details of this work will be presented at the SPIE conference on Quantum Communication and Quantum Imaging held in San Diego on August 15, 2012.

**Result summary**

Many papers claim that the trace distance, *d*, guarantees unconditional security in quantum key distribution (QKD). In their paper, the researchers explain explicitly the main misconception in the claim of unconditional security for QKD theory.

In general terms, the cause of the misunderstanding in the security claim is the Lemma in Renner’s paper. It suggests that the generation of a perfect random key is assured by the probability (1-*d*), and that its failure probability is *d*.

Thus, it concludes that the generated key provides a perfect random key sequence when the protocol succeeds. In this way QKD provides perfect secrecy (unconditional security) to a type of encryption termed “the one-time pad’.

H. P. Yuen at Northwestern University proved that the trace distance quantity does not give the probability of such an event. If *d* is not small enough, the generated key sequence is never perfectly random. The evaluation of the trace distance now requires reconstruction if it is to be used. However, QKD theory groups have not accepted this criticism, and have invented many upper-bound evaluation theories for the trace distance.

The researchers clarified that the most recent upper bound theories for the trace distance are constructed again by the reasoning of Renner, who originally introduced the concept. It is thus unsuitable to quantify the information theoretic security of QKD, and the unconditional security defined by Shannon is not satisfied.

Consequently, Yuen’s theory is correct, and at present there is no theoretical proof of the unconditional security for any QKD.