Simple explanation on why QKD keys have not been proved secure

A simple counter-example is given on the prevalent interpretation of the trace distance criterion as failure probability in quantum key distribution protocols. A summary of its ramifications is listed. Quantum key distribution (QKD) is widely perceived to have been proved “secure” in various protocols, in contrast to conventional encryption methods. In particular, perfect security is taken to hold with a high probability [1] for finite concrete protocols. In this short note we give a simple explanation on why that is not the case and summarize some of the major ramifications. The reader can trace some details from the literature. Protection of data privacy has become an increasingly important problem that affects even our daily lives. Let Adam and Babe be two users with private communications and Eve an attacker who wants to learn about the communication content. Protection can be obtained by the mod-2 addition of each “plaintext” data bit Xi by a key bit Ki to form the “ciphertext” bit Yi, i the index for the sequence. If the bits Ki are uniformly distributed, i.e., each Ki takes the bit value 0 or 1 with probability 1/2 and is statistically independent of other Ki bits, perfect secrecy on Xi is obtained in that Eve who intercepts the ciphertext cannot tell what Xi is, other than the guess it is 0 or 1 with probability 1/2. This “one-time pad” encryption requires pre-shared sequence K = {Ki} between the users to be as long as the data sequence X = {Xi}, which is impractical in most application situations. In conventional cryptography a cipher with short shared secret key K that is often obtained by public-key method, is used as the seed key of an encryption cypher in lieu of one-time pad. The security of such approach depends on the unproved complexity based security on the public-key generation of K and the unproved security of the encryption cipher with a short seed key. QKD proposes to provide “information theoretic