Entropy Accumulation Theorems

Updated 17 March 2026

Entropy accumulation theorems are mathematical frameworks that quantify operational randomness in sequential quantum or classical processes.
They enable rigorous device-independent and device-dependent security reductions for cryptographic protocols such as quantum key distribution and randomness expansion.
Advanced formulations incorporate generalized and marginal-constrained variants with finite-size corrections via convex optimization for practical security guarantees.

Entropy accumulation theorems (EATs) establish that the operational entropy—quantifying uncertainty or randomness—generated by sequential quantum or classical processes accumulates in a controlled manner. These theorems provide rigorous device-independent and device-dependent security reductions and finite-size corrections for quantum key distribution (QKD), randomness expansion, and other cryptographic tasks. Modern EATs, including their generalized and marginal-constrained variants, relate smooth min-entropy to per-round conditional entropies and enable translation of collective attack security proofs into composable security guarantees against general attacks.

1. Mathematical Formulation and Core Concepts

The EAT framework considers a sequence of quantum channels

$\mathcal{M}_i: R_{i-1} \to A_iR_iE_i$

or, in its most general form,

$\mathcal{M}_i: R_{i-1}E_{i-1} \to A_iR_iE_i,$

with $A_i$ the output (typically quantum or classical), $E_i$ side information held by an adversary, and $R_i$ internal registers. The sequential process, starting from $\rho^0_{R_0 E_0}$ , iteratively applies the channels over $n$ rounds, yielding a final state $\rho_{A^nE_n}$ .

The accumulated smooth min-entropy for the sequence, $H_{\min}^\varepsilon(A^n|E_n)_\rho$ , is lower-bounded by a sum of per-round (conditional von Neumann or Rényi) entropies plus explicit, typically sublinear, finite-size corrections.

A key structural requirement in classical EATs is a Markov chain: $A_1^{i-1} \leftrightarrow B_1^{i-1}E \leftrightarrow B_i$ or, in generalized forms, a non-signaling constraint: $\mathrm{Tr}_{A_iR_i} \circ \mathcal{M}_i = \mathcal{T}_i \circ \mathrm{Tr}_{R_{i-1}}$ ensuring output and side information update "causality" resembling no-backward-flow conditions (Metger et al., 2022, Dupuis et al., 2016).

Conditional Rényi entropies of order $\alpha$ are defined via sandwiched Rényi divergences,

$D_\alpha(\rho\Vert\sigma) = \frac{1}{\alpha-1} \log \mathrm{Tr}\left[(\sigma^{\frac{1-\alpha}{2\alpha}} \rho \sigma^{\frac{1-\alpha}{2\alpha}})^\alpha\right],$

$H_\alpha(A|B)_\rho = -D_\alpha(\rho_{AB}\Vert I_A\otimes\rho_B),$

and $H_\alpha^\uparrow(A|B)_\rho$ as the supremum over $B$ -[subsystem] states.

2. Entropy Accumulation Theorems: Standard, Generalized, and Marginal-Constrained

Standard EAT (Dupuis–Fawzi–Renner): For a protocol modeled with Markov conditions and an affine min-tradeoff function $f$ , the smooth min-entropy is lower-bounded as

$H_{\min}^\varepsilon(A_1^n|B_1^nE)_{\rho|\Omega} \geq n h - c\sqrt{n} - c'$

where $h$ is a worst-case single-round entropy rate over the post-selected event $\Omega$ , and the leading correction $c\sim O(1)$ depends on function variance, system dimensions, and $\varepsilon$ (Dupuis et al., 2016, Dupuis et al., 2018).

Generalized EAT (GEAT) (Metger–Renner): Relaxes the Markov conditions to a non-signaling requirement, allowing richer adversarial side-information updates. The main result is

$H_{\min}^\varepsilon(A^n|E_n)_\rho \geq \sum_{i=1}^n \inf_{\omega_{i-1}} H(A_i|E_i\tilde{E}_{i-1})_{\mathcal{M}_i(\omega_{i-1})} - O(\sqrt{n})$

with the extension $\tilde{E}_{i-1}$ forming a purification, and side information that may adapt in each round (Metger et al., 2022).

Marginal-Constrained EAT (MEAT): Introduces marginal constraints for prepare-and-measure settings: the entropy bound accumulates while enforcing a fixed marginal per round, directly capturing source replacements as required in PM-QKD protocols (Arqand et al., 4 Feb 2025). MEAT's chain rule,

$H_\alpha^\uparrow(\mathcal{E}_2 \!\circ\! \mathcal{E}_1,X_1X_2,[\psi\otimes\phi]) \geq H_\alpha^\uparrow(\mathcal{E}_1,X_1,[\psi]) + H_\alpha^\uparrow(\mathcal{E}_2,X_2,[\phi]),$

underpins robust security for adaptive protocols and supports fully adaptive per-round tradeoff functions.

EAT Variant	Side-Information Update	Typical Use
Standard EAT	Markov (static/leaky)	DI/characterized QKD
Generalized EAT	Non-signaling, dynamic	PM-QKD, expansion
Marginal-constrained EAT	Marginal/state-constrained	PM-QKD, adaptive PE

3. Tradeoff Functions, Numerical Construction, and Convex Programs

Min-tradeoff functions $f:\mathcal{P}(\mathcal{X}) \to \mathbb{R}$ are critical in all EATs. For an affine $f(q) = g\cdot q + k$ ,

$f(q) \leq \inf_{\nu \in \Sigma(q)} H(A|B)_{\nu}$

must hold for all possible single-round outputs.

Construction of optimal or tight min-tradeoff functions generally proceeds via convex optimization—often SDPs—that leverage the problem structure (e.g., the Choi matrix parametrization of possible attacks in QKD) (Metger et al., 2022, Kamin et al., 2024, Mironowicz et al., 23 Jun 2025). Refinements for decoy-state QKD and finite-size scaling are achieved by embedding yield constraints, integrating single-round relative entropy terms directly into the optimization, and employing dual-SDP methods for analytic computation of the optimal $g$ . The improved second-order corrections involve the divergence variance of the entropy functional (Dupuis et al., 2018).

The Quantum Estimation Score (QES) or $f$ -weighted Rényi-entropy approach replaces affine tradeoff functions with per-round adaptively chosen estimation rates, resulting in convex programs that yield both optimal asymptotic and finite-size bounds (Arqand et al., 2024).

4. Finite-Size Corrections and Improved Scalings

Early EATs exhibit finite-size corrections scaling as $O(\sqrt{n})$ , governed primarily by entropy variance and the slope (Lipschitz constant) of the min-tradeoff function: $H_{\min}^\varepsilon(\cdot) \geq n h - O(\sqrt{n} V)$ with $V$ a dimension- and tradeoff-variance-dependent term (Dupuis et al., 2018).

Limitations arise when parameter estimation is based on sparsely sampled rounds ( $\gamma \ll 1$ ): naive bounds scale as $O(\sqrt{n}/\gamma)$ and become vacuous for small $\gamma$ . The improved EAT (Dupuis et al., 2018) and recent convex-analytic approaches (Arqand et al., 2024) reduce this to $O(\sqrt{n V})$ scaling, with $V$ scaling as $1/\sqrt{\gamma}$ , applicable even in decoy-state and sampling-limited regimes.

The Generalized Rényi-EAT (GREAT) (Arqand et al., 2024) achieves $O(1)$ finite-size corrections by circumventing explicit tradeoff function construction, instead using QES-based entropy rates: $H^\uparrow_\alpha(\dots) \geq n h_{\hat\alpha} - O(1)$ where the rate constant is the solution to a convex optimization, leading to demonstrable $20$-- $40\%$ finite-size improvements in practical QKD and DI randomness expansion settings.

5. Applications: Quantum Key Distribution, Randomness Expansion, and Beyond

EAT and its generalizations are foundational in rigorous security proofs for quantum cryptography and related fields. The paradigmatic applications include:

Device-independent QKD and randomness expansion: Asserts composable security against general attacks, requiring no detailed device trust (Dupuis et al., 2016, George et al., 2022, Merkulov et al., 2023). EATs underpin robust key- and randomness-rate guarantees.
Prepare-and-measure QKD: Through GEAT and MEAT, generic PM protocols, including decoy-state schemes, are analyzed without recourse to entanglement-based reduction or de Finetti theorem bounds (Metger et al., 2022, Kamin et al., 2024, Arqand et al., 4 Feb 2025).
Semi-device-independent QRNG: EAT with Shannon-entropy–based (as opposed to min-entropy) tradeoff functions leverages new SDP constructions for higher certified rates (Carceller et al., 2024).
Bounds in Dynamical Systems: EAT-inspired methodologies have facilitated computable upper and lower bounds for Lyapunov exponents in random matrix products, linking information-theoretic and dynamical concepts (Sutter et al., 2019).

6. Advances, Numerical Algorithms, and Software

Recent progress centers on:

Automation and implementation: Python frameworks, such as expdiqrng (Mironowicz et al., 23 Jun 2025), leverage SDP solvers for the automated construction and optimization of min-tradeoff functions and the deployment of the full EAT finite-size pipeline, facilitating key/rate certification for experimental quantum protocols.
Convex program automation: Modern theoretical formulations integrate dual-SDP methods for direct rate optimization, Frank-Wolfe algorithms for stability in decoy-state QKD, and analytical LPs for fast parameter scans (Kamin et al., 2024).
Parameter estimation strategies: MEAT and GREAT allow fully adaptive, "quantum probability estimation"–style protocols, with per-round updating of tradeoff functions based on observed statistics and without repetition-rate or virtual tomography limitations (Arqand et al., 4 Feb 2025, Arqand et al., 2024).

7. Open Directions and Limitations

Open problems for entropy accumulation frameworks include:

Fully quantum side-information with marginal constraints: Current MEAT approaches do not yet yield sharp accumulation results when conditional memory registers are nontrivially quantum—extension to this regime is an active area (Arqand et al., 4 Feb 2025).
Extension to continuous-variable protocols and simultaneous device-independent/marginal-constrained scenarios.
Optimization of finite-size regret terms and fast solvers for high-dimensional QKD numerics.
Practical efficiency and parameter tightness: Integrating further QPE/QEF frameworks and $f$ -weighted entropy techniques to optimize key rates at moderate blocklengths (Arqand et al., 2024).

Entropy accumulation theorems form the mathematical foundation of modern quantum cryptographic security proofs, evolving rapidly to address increasingly general adversarial models, adaptive protocols, and high-throughput applications, with ongoing refinements in both analytic and implemented approaches (Metger et al., 2022, Dupuis et al., 2018, Arqand et al., 4 Feb 2025, Arqand et al., 2024, Dupuis et al., 2016).