Defining Security in Quantum Key Distribution

Abstract

The security of quantum key distribution (QKD) is quantified by a parameter $\varepsilon>0$, which -- under well-defined physical assumptions -- can be bounded explicitly. This contrasts with computationally secure schemes, where security claims are only asymptotic (i.e., under standard complexity assumptions, one only knows that $\varepsilon \to 0$ as the key size grows, but has no explicit bound). Here we explain the definition and interpretation of $\varepsilon$-security. Adopting an axiomatic approach, we show that $\varepsilon$ can be understood as the maximum probability of a security failure. Finally, we review and address several criticisms of this definition that have appeared in the literature.