Papers
Topics
Authors
Recent
Search
2000 character limit reached

Entanglement-Based Authenticated QKD

Updated 5 July 2026
  • Entanglement-Based Authenticated QKD is a quantum key distribution method that uses entangled photon pairs with authenticated classical channels to protect against man-in-the-middle attacks.
  • Protocols range from standard QKD with assumed authentication to advanced EAQKD that integrates mechanisms like Wegman–Carter and HEPUF for self-renewing security.
  • EAQKD implementations employ methods such as Bell-test verification, covariance-matrix analysis, and device-independent proofs to achieve secure key rates in diverse experimental settings.

Searching arXiv for recent and relevant papers on Entanglement-Based Authenticated Quantum Key Distribution. Entanglement-Based Authenticated Quantum Key Distribution (EAQKD) denotes quantum key-distribution schemes in which the secrecy resource is distributed through entanglement, while the public discussion required for sifting, parameter estimation, error correction, and privacy amplification is protected by authentication. In the literature represented here, the term covers two closely related but distinct settings: standard entanglement-based QKD protocols that assume a public authenticated classical channel, and more explicit constructions that incorporate or bootstrap information-theoretic authentication as part of the protocol design itself (Liu et al., 2022, Mohamed et al., 2 Mar 2026, Laurent-Puig et al., 6 May 2026). The common structure is that entanglement supplies the raw nonclassical correlations, whereas authentication prevents man-in-the-middle substitution on the classical channel.

1. Terminological scope and protocol classes

A recurring distinction in the literature is between entanglement-based QKD with assumed authentication and EAQKD in the stricter sense of integrated authentication engineering. The former category includes high-dimensional dispersive-optics QKD over fiber, entanglement-based BBM92 with a stationary memory qubit, and finite-key BBM92 satellite analyses; these works explicitly operate in the standard QKD setting where Alice and Bob share an authenticated classical channel, but they do not present a new authentication primitive (Liu et al., 2022, Kobel et al., 2021, Sidhu et al., 12 Feb 2026). The latter category includes protocols that explicitly model Wegman–Carter authentication, authentication-key refresh, or hardware-based authentication bootstrapping (Mohamed et al., 2 Mar 2026, Laurent-Puig et al., 6 May 2026).

Protocol class Representative papers Authentication role
Entanglement-based QKD with standard authentication assumption (Liu et al., 2022, Kobel et al., 2021, Sidhu et al., 12 Feb 2026) Public classical channel is assumed authenticated
Integrated authenticated entanglement-based QKD (Mohamed et al., 2 Mar 2026) Wegman–Carter authentication is built into all classical exchanges
Authentication bootstrap without pre-shared secret (Laurent-Puig et al., 6 May 2026) HEPUF generates the initial key used for classical authentication
Device-independent entanglement-based key exchange with explicit seed authentication (Nadlinger et al., 2021) Short shared seed supports message authentication and related control tasks

This usage pattern shows that “authenticated” does not always mean that authentication is derived from entanglement itself. In several papers, the entanglement-based protocol remains conceptually separate from the authentication layer, even when the overall system is described as EAQKD (Liu et al., 2022, Kobel et al., 2021). By contrast, the 2026 EAQKD work treats authentication overhead as a first-class protocol component rather than an external assumption (Mohamed et al., 2 Mar 2026).

2. Core protocol architectures

The canonical architecture is Bell-pair distribution followed by local measurement, sifting, reconciliation, and privacy amplification. The 2026 EAQKD proposal adopts a BBM92-style entanglement-based design using the singlet Bell state

ψ=12(0110),|\psi^-\rangle = \frac{1}{\sqrt{2}}(|01\rangle - |10\rangle),

with asymmetric basis choice pz=0.9p_z = 0.9 and px=0.1p_x = 0.1, σz\sigma_z for key generation, σx\sigma_x for parameter estimation, rate-adaptive LDPC error correction, Toeplitz hashing for privacy amplification, and explicit authentication-key refresh from the newly generated secret key (Mohamed et al., 2 Mar 2026).

A second major architecture is high-dimensional time-energy entanglement QKD in the dispersive-optics QKD (DO-QKD) family. In the 242 km fiber demonstration, correlated signal-idler photon pairs are generated by spontaneous four-wave mixing in a 280 m dispersion-shifted fiber, encoded in time and frequency bases, and measured using nonlocal dispersion cancellation rather than phase-stabilized Franson interferometers during key generation. The protocol divides the detection timeline into frames, slots, and bins; a frame contains M=2DM = 2^D slots, a slot contains II bins, and the remaining slot number becomes the raw key symbol after frame and bin matching. In the reported experiment, the chosen dimension is effectively D=3D=3 with I=3I=3 (Liu et al., 2022).

A third architecture uses tripartite GHZ-type entanglement as a two-way extension of E91. In that protocol, Bob prepares Φbc+\Phi^+_{bc}, Alice appends a qubit pz=0.9p_z = 0.90 in pz=0.9p_z = 0.91, applies a two-qubit gate pz=0.9p_z = 0.92 to pz=0.9p_z = 0.93, and sends qubit pz=0.9p_z = 0.94 back to Bob. Bob then applies pz=0.9p_z = 0.95 to pz=0.9p_z = 0.96, decodes the transmitted bit on pz=0.9p_z = 0.97, and uses the residual entanglement to perform an E91-style Bell test on pz=0.9p_z = 0.98 and pz=0.9p_z = 0.99. The protocol estimates that after px=0.1p_x = 0.10 repetitions, with px=0.1p_x = 0.11 transmitted qubits total, the shared key length is approximately px=0.1p_x = 0.12, compared with px=0.1p_x = 0.13 for standard E91 under the same px=0.1p_x = 0.14-qubit transmission budget (Pastorello, 2017).

A fourth variant is the fully passive entanglement-based QKD scheme in which the random seed for privacy amplification is extracted from measurement-basis-mismatched entangled photon pairs that would ordinarily be discarded. In that construction, passive optical elements are used both for entangled-pair generation and basis choice, and the mismatched string px=0.1p_x = 0.15 is converted into a certified random seed px=0.1p_x = 0.16 through entropy estimation and extraction (Liu et al., 2021). This does not replace authenticated public discussion, but it reduces dependence on an auxiliary random-number generator.

3. Authentication mechanisms and trust bootstrapping

The classical authentication problem is central because unprotected public discussion permits a man-in-the-middle attack even when the quantum channel is secure. The integrated EAQKD model therefore authenticates basis reconciliation, parameter estimation, error-correction transcripts, and privacy-amplification coordination using Wegman–Carter authentication: px=0.1p_x = 0.17 with forging probability bounded as

px=0.1p_x = 0.18

In the same framework, part of the newly generated key is reserved as px=0.1p_x = 0.19 so that authentication becomes self-renewing across rounds (Mohamed et al., 2 Mar 2026).

A more radical solution is the Hybrid Entangled Physical Unclonable Function (HEPUF) construction, which removes the usual assumption of a pre-shared authentication key. In this model, the HEPUF authentication subroutine generates an information-theoretically secure initial key σz\sigma_z0, later partitioned as σz\sigma_z1. The HEPUF failure probability is bounded by

σz\sigma_z2

and the extracted initial-key length is derived through a Leftover Hash Lemma bound. The stated goal is a fully authenticated EB-QKD protocol with unconditional security under minimal explicit hardware assumptions, rather than under a pre-shared-secret assumption (Laurent-Puig et al., 6 May 2026).

Device-independent entanglement-based key exchange occupies an intermediate position. The trapped-ion DIQKD experiment assumes an initial shared secret seed σz\sigma_z3, mostly reusable, and uses it for privacy amplification, message authentication, key activation, and encrypting short classical control messages by one-time pad. The implementation starts with a shared key of length 1,203,422 bits, consumes only 256 bits total private key material, and generates 95,884 new secret bits, yielding a net extension of 95,628 bits (Nadlinger et al., 2021).

By contrast, several experimentally important entanglement-based systems retain the standard assumption of a public but authenticated classical communication channel. This is stated explicitly for the 242 km DO-QKD demonstration, the memory-qubit BBM92 experiment, and the satellite BBM92 finite-key analysis (Liu et al., 2022, Kobel et al., 2021, Sidhu et al., 12 Feb 2026). This suggests that, in much of the current literature, authentication remains the principal systems-level boundary between “entanglement-based QKD” and “fully specified EAQKD.”

4. Entanglement certification and security proof methods

EAQKD does not rely on a single security methodology. One major line uses Bell-inequality violation as the primary eavesdropping test. In the GHZ-type two-way protocol, the CHSH inequality is the main detector of disturbance, and the device-independent lower bound is written as

σz\sigma_z4

with key rate per transmitted qubit estimated as σz\sigma_z5 (Pastorello, 2017). In the trapped-ion DIQKD experiment, Bell-test rounds are analyzed through the CHSH game with σz\sigma_z6, and the secrecy proof uses the entropy accumulation theorem to lower-bound the smooth min-entropy against arbitrary quantum adversaries with device memory (Nadlinger et al., 2021).

A second line uses covariance-matrix and phase-error analyses rather than Bell violation as the security proof core. The 242 km DO-QKD experiment uses the secure-key-capacity expression

σz\sigma_z7

and explicitly states security against Gaussian collective attacks using the time-frequency covariance-matrix formalism. In that setting, the CHSH violation and Franson visibilities are entanglement witnesses, but not the basis of the security proof (Liu et al., 2022). The earlier finite-key DO-QKD security analysis extends this framework to finite size and gives a positive secure-key rate for eight-dimensional systems once σz\sigma_z8 coincidences are accumulated, with secure operation over more than 200 km of fiber under the modeled conditions (Lee et al., 2013).

A third line is Koashi–Preskill-style entanglement-based security with randomness certification. In the memory-qubit BBM92 experiment, secrecy is analyzed in a device-dependent setting with an uncharacterized source on Alice’s side and characterized detectors on Bob’s side. Randomness is certified by Bell-violation-derived min-entropy, using the measured CHSH value σz\sigma_z9 to obtain an asymptotic lower bound σx\sigma_x0 bits per sifted key bit (Kobel et al., 2021).

The fully passive EB-QKD proposal remains within phase-error-based security. It lower-bounds the entropy of the mismatched-basis string by

σx\sigma_x1

so that privacy-amplification seed material is derived from the protocol itself rather than from a separate random-number generator (Liu et al., 2021).

5. Experimental realizations and reported performance

Long-distance fiber EAQKD-relevant operation has been demonstrated most prominently in high-dimensional DO-QKD. Using 223 km of SMF spools plus a 19 km deployed fiber segment, the 242 km experiment verified Franson-type interference with raw visibilities of σx\sigma_x2 and σx\sigma_x3 in two non-orthogonal bases, and measured a CHSH parameter σx\sigma_x4. The system operated continuously for more than 7 days without active polarization or phase calibration and produced secure key rates of 0.22 bps in the asymptotic regime and 0.06 bps in the finite-size regime, corresponding to 34,905 finite-size secure bits after 169 hours of data collection (Liu et al., 2022).

Entanglement-based BBM92 with a stationary memory qubit has also been realized experimentally. In that architecture, a trapped σx\sigma_x5 ion acts as the stationary qubit and entanglement source, while the flying qubit is a transmitted single photon. The experiment reports σx\sigma_x6, atom-photon state fidelity σx\sigma_x7, sifted key rate σx\sigma_x8 Hz, sifted key bits per channel use σx\sigma_x9, QBER M=2DM = 2^D0 after timing gating, and an asymptotic secret-key rate of about M=2DM = 2^D1 Hz (Kobel et al., 2021).

The most stringent end-to-end entanglement-based implementation with explicit authentication is presently the trapped-ion DIQKD experiment. It generated 95,884 key bits from 1.5 million Bell pairs during about 8 hours of runtime, with remote entangled ion-pair fidelity M=2DM = 2^D2, characterization Bell violation M=2DM = 2^D3, and QBER M=2DM = 2^D4. Its security claim is device-independent and composable, and its classical layer includes universal-hash-based authentication supported by a small shared seed (Nadlinger et al., 2021).

Performance-oriented EAQKD simulation studies complement these experiments. The 2026 integrated EAQKD simulation reports M=2DM = 2^D5 increasing from M=2DM = 2^D6 at 10 km to M=2DM = 2^D7 at 200 km, M=2DM = 2^D8 from M=2DM = 2^D9 to II0, and secure key rate falling from II1 bit/s at 10 km to II2 bit/s at 200 km. The same study reports Wegman–Carter authentication cost of about 4–6% of the final key at short distances and about 12–15% at 200 km, and gives a repeater-assisted figure of about II3 bit/s at 300 km (Mohamed et al., 2 Mar 2026).

The HEPUF-authenticated EB-QKD experiment focuses directly on the authentication bootstrap problem. In Scenario 1, the reported secret-key rates are 0.381 bps at 30 dB total attenuation, 0.310 bps at 40 dB, and 0.270 bps at 50 dB, with QBERs of 0.56%, 0.52%, and 0.55%. In Scenario 2, where the initial HEPUF key is used only for authentication, the reported secret-key rates increase to 4.79 bps at 30 dB, 4.28 bps at 40 dB, and 1.19 bps at 50 dB, with QBERs of 0.45%, 0.51%, and 0.51% (Laurent-Puig et al., 6 May 2026).

6. Networks, satellite operation, and unresolved issues

EAQKD is increasingly treated as a networked systems problem rather than as an isolated point-to-point protocol. The 242 km DO-QKD demonstration emphasizes compatibility with ordinary G.652 fiber, C-band telecom infrastructure, DWDM filtering, and passive operation, and explicitly positions the result as a step toward large-scale quantum communication networks (Liu et al., 2022). The memory-qubit BBM92 experiment argues that a matter-photon interface is naturally compatible with quantum repeaters and estimates that a clock-transition memory qubit could allow nonzero key rates for storage times up to about II4, corresponding to an equivalent distance of about 400 km in a repeater-like scenario, ignoring other losses (Kobel et al., 2021).

For space-based EAQKD, finite-key effects are especially severe because secret bits are generated only from coincident detections. The satellite BBM92 study models a circular LEO source distributing entangled pairs to two ground stations over an authenticated classical post-processing channel, and finds that at II5 keys are generated up to about II6 separation, corresponding to about 36.8% of the maximum viewable distance. For the baseline II7 configuration it estimates an annual key of II8, while stressing the strong dependence on overpass geometry, diffraction loss, background noise, and coincidence statistics (Sidhu et al., 12 Feb 2026).

Systems modeling has also become part of the EAQKD landscape. NASA’s NQCAS-oriented Monte Carlo model simulates E91 bit generation, Cascade reconciliation, and ParityHash privacy amplification, producing link-budget outputs such as raw key rate, raw QBER, calculated II9 value, reconciled key rate, and secret key rate. The model is explicitly valuable for EAQKD-relevant performance prediction, but it does not model explicit classical-channel authentication (Kuban et al., 14 Jan 2025).

Several unresolved issues recur across the field. First, a large fraction of entanglement-based QKD papers still assume authenticated public discussion rather than deriving it from the quantum layer itself (Liu et al., 2022, Kobel et al., 2021, Sidhu et al., 12 Feb 2026). Second, some “authenticated” extensions provide only qualitative or semi-quantitative security analyses rather than modern unconditional proofs; this is explicit in the GHZ-type two-way extension of E91 (Pastorello, 2017). Third, there remains a sharp methodological divide between device-dependent, covariance-matrix, and device-independent security frameworks (Liu et al., 2022, Kobel et al., 2021, Nadlinger et al., 2021). The recent HEPUF work addresses the bootstrap problem directly, but does so under a specific hardware trust model involving a tamper-proof box and device unclonability rather than under a device-independent assumption (Laurent-Puig et al., 6 May 2026).

Taken together, these works define EAQKD as a layered discipline: entanglement distribution supplies the quantum correlations, authentication protects the public discussion, and practical viability depends on finite-key analysis, loss management, detector engineering, and—at network scale—the ability to account explicitly for authentication cost rather than treating it as a free resource (Mohamed et al., 2 Mar 2026).

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to Entanglement-Based Authenticated Quantum Key Distribution (EAQKD).