- The paper demonstrates how incorporating multiple routed Bell tests and decoy strategies substantially lowers the BSM efficiency requirement from ~15% to ~4.7%.
- It employs convex decomposition of Bell violations to rigorously model adversarial attacks and establish entropy-based security bounds.
- The study extends the protocol to semi-device-independent settings, broadening its applicability for practical and long-distance quantum cryptography.
Improving DI-QKD Protocols via Multiple Routed Bell Tests
Introduction and Motivation
Device-independent quantum key distribution (DI-QKD) aims to achieve information-theoretic security without any detailed characterization of the physical devices involved, relying fundamentally on observed nonlocal correlations certified through Bell tests. The practical deployment of DI-QKD remains constrained by the efficiency requirements of long-distance quantum communication, notably the low detection efficiencies encountered in Bell-state measurement (BSM) units over large separations. This work addresses these practical limitations by proposing a DI-QKD protocol that leverages multiple entanglement sources and measurement devices, orchestrated through multiple routed Bell tests, incorporating so-called decoy Bell tests (DBTs). The primary objective is to reduce the critical BSM efficiency required for secure key generation, thereby extending the operational reach of DI-QKD protocols.
Figure 1: The routed Bell test with a distant BSM and local CHSH tests, as proposed in Koßmann et al. [kossmann2025routed], can be used to generate key using local tests while maintaining device-independence.
Protocol Architecture: Routing and Decoy Bell Tests
The paper formalizes a scenario involving N entanglement sources and measurement devices per party, with quantum states being probabilistically routed either to a local test device or to a distant BSM. Crucially, switching decisions are shielded from both the devices and sources to prevent adversarial leakage. Each round, the protocol performs local CHSH-type Bell tests on one or more randomly selected local devices (DBTs), even when a successful projection in the BSM occurs (z=1).
Figure 2: Schematic of DBT protocol in which local tests are performed on randomly chosen devices in every round, regardless of BSM outcome; double-switching prevents device-side path information leaks.
This design prevents an adversary from selectively routing ideal rounds for key generation while diverting non-ideal ones for Bell testing—thus closing the so-called "source loophole" present in earlier routed Bell test schemes.
Security Analysis and Key Rate Improvements
The work rigorously models adversarial strategies using convex decompositions of observed Bell violations into ideal and local-value components, bounding Eve's potential knowledge through entropy measures. For local CHSH values S=2.77, it is demonstrated that increasing the number of sources (N) and deploying corresponding DBTs can reduce the required critical BSM efficiency from ∼15% to as low as ∼4.7% for a 3-port BSM. This is a marked improvement over protocols omitting DBTs, and the effect is more pronounced at high visibilities (i.e., low QBER).
Figure 3: Key rate vs. BSM efficiency, with DBTs allowing positive rates down to η≈4.7% for S=2.77 under honest Werner state assumptions.
This advantage arises because DBTs force the adversary to maintain high local Bell violations even in key-generating rounds, dramatically restricting the set of effective attacks at the cost of only moderate resource overhead (additional sources and measurement devices).
Figure 4: Theoretical upper bounds on key rates as a function of observed CHSH value S at ideal efficiency (η=1), relevant both for DI-QKD and SDI settings.
The work also provides analytic expressions for the relation between z=10, DBT count, and key rate lower bounds, with performance asymptotically reaching the local Bell value in the large-z=11 limit.
Semi-Device-Independent Extensions
The analysis is further extended to semi-device-independent (SDI) protocols using routed dimension witnesses. Here, the principal assumption is bounded Hilbert space dimension (qubit sources), verified using CHSH-like dimension witnesses. By mirroring the DBT strategy, the protocol can robustly guarantee key security under partial device assumptions, echoing results from MDI-QKD but with the benefit of self-testing-like certification.
Figure 5: Both Alice and Bob use qubit-bounded sources and routed witnesses, generalizing the routing approach to the SDI setting.
The analysis shows that, without independence assumptions between sources, the effectiveness of the protocol in adversarial settings is bounded in a manner tightly analogous to the DI-QKD case.
Practical and Theoretical Implications
The primary implication is that DBT-augmented routing protocols bridge the experimental practicality gap for DI-QKD, especially in regimes where BSM efficiency is the principal bottleneck. This could shift the experimental focus toward short-range, high-efficiency local setups, relegating BSM detection losses to a minor role. The technique provides a generic blueprint for extending DI security assurances in quantum networks and may be adapted to conference-key and many-party cryptographic scenarios. Theoretical implications include a refined adversarial model for routed protocols and new bounds for key distillation based on convex combination attacks.
By shifting the critical security reserve from the long-range BSM to local CHSH violations—readily accessible in laboratory conditions with high-efficiency detectors—this scheme delineates a viable roadmap for practical DI-QKD deployment.
Conclusion
The proposed protocol substantially reduces critical detection efficiency requirements in DI-QKD by combining multiple routed Bell tests with local decoy testing. The observed improvement of z=12 in BSM efficiency thresholds, verified via detailed entropy analysis and adversarial strategies, positions this class of protocols as candidates for long-distance, loophole-free quantum cryptography. Extension to SDI protocols further broadens the practical applicability. Future research should focus on experimental implementation of such routing architectures, scaling to higher z=13, integration with quantum networks, and refined security proofs accounting for finite statistics.