Probability Distributions for CSS Codes

• The paper develops a novel framework using random matrix sampling to define probability measures over CSS codes for precise error-correction analysis.
• It employs two-universal hashing functions computed in polynomial time to minimize collision rates and enhance secure key extraction in QKD protocols.
• The analysis quantifies security bounds through explicit marginal distributions and diamond-norm comparisons, linking code parameters to protocol robustness.

Calderbank-Shor-Steane (CSS) codes are a principal family of quantum error-correcting codes defined via pairs of classical linear codes satisfying orthogonality constraints. Recent research has advanced the understanding of how probability distributions over CSS codes—specifically in connection with random matrix constructions, two-universal hashing, and security margins in quantum key distribution (QKD)—can impact both practical implementations and theoretical security guarantees. The characterization and computation of such distributions are crucial for assessing collision probabilities, extracting secret keys, and quantifying protocol robustness under various noise models.

1. Probability Measures Over CSS Codes via Random Matrices

CSS codes are parameterized by two binary parity-check matrices, typically denoted as $H_X$ and $H_Z$, which must satisfy $H_X H_Z^T = 0$ for code orthogonality. The modern approach defines probability measures directly on the space of such codes through random matrix sampling (Rigas, 1 Oct 2025). A random matrix $L$ is chosen uniformly from the space of $2 \times 2$ matrices over $\mathbb{F}_2^n$; a marginal probability distribution $P_L$ is then constructed by selecting a block or column of $L$ to serve as, for example, $H_X$. A secondary distribution $P_M$ is obtained by sampling $M = (L^{-1})^T$ and using its blocks to parameterize $H_Z$. This results in a probability measure on CSS code instances where the parity-check matrices have explicit dependence on the sampled matrix representation.

Such distributional choices enable the computation of marginals, correlations, and error-correction performance statistics for ensembles of CSS codes. The construction forms the foundation for exploring code space properties relevant to cryptographic protocols and computational complexity.

2. Two-Universal Hashing and Parity-Check Matrix Functions

Two-universal hashing refers to families of hash functions $h: \mathcal{X} \rightarrow \mathcal{Y}$ such that for any distinct $x, x' \in \mathcal{X}$, $\Pr_{h}[h(x) = h(x')] \leq 1/|\mathcal{Y}|$. In QKD and quantum error correction, this property ensures low rates of hash collisions, which translates into robust key extraction and efficient syndrome-based error correction.

Within the CSS code framework, the paper constructs two hash functions $g_1$ and $g_2$ as efficiently computable functions of the sampled parity-check matrices (Rigas, 1 Oct 2025). Three isometries—“Real,” “Simulator,” and “Ideal”—are defined to facilitate the evaluation of these functions and maintain tractability when transitioning between protocol stages. The ability to compute $g_1$ and $g_2$ in polynomial time enables both practical implementations and rigorous analysis of collision rates and their impact on protocol security.

3. Security Bounds in QKD Hashing Protocols

Protocol security is directly linked to the properties of the probability distribution over CSS codes and the statistical behavior of the hashing functions. The analysis establishes that the secret key extraction via two-universal QKD hashing, supported by the introduced probability measure, is less secure by a factor of

$$2^{\frac{5}{2} ( 5 - \frac{3}{2} ) + \log_2 \sqrt{C}}$$

for some strictly positive constant $C$ (Rigas, 1 Oct 2025). This security reduction arises from the structure of the sampled isometries and the computational basis decompositions of the purified states (typically constructed in a Bell basis) derived from the random matrix ensemble.

Diamond-norm distance bounds between the “real” and “ideal” protocol implementations are established, quantifying the amount by which the protocol deviates from perfect security, with expressions such as

$$2^{-k/2 + (n/2) h(r/n) + \frac{5}{2}(5 - \frac{3}{2}) + \log_2 \sqrt{C}}$$

where $k$ is the number of syndrome bits, $n$ is the code length, $r$ the number of observed errors, and $h(\cdot)$ the binary entropy function. This formulation links the code parameters, noise levels, and probability measure constants to the overall protocol reliability.

4. Mathematical Structures: Projectors, Bell Basis Decomposition, and Marginals

The construction uses projectors of the form

$$P(g, x) = 2^{-n} \prod_{j=1}^m \left[ I + (-1)^{x_j}g_j \right]$$

which represent projections onto eigenspaces specified by measurement outcomes $x$ for observables $g$. Maximally entangled states and their decompositions into the Bell basis underpin the analysis of protocol purification and syndrome extraction, with sums such as

$$\sum_{\alpha \neq \beta' \in \mathbb{F}_2^n} |\psi_{\alpha, \beta'}\rangle\langle\psi_{\alpha, \beta'}|$$

incorporating shift and phase factors determined by $g_1$ and $g_2$. The marginals defined via $P_L$ and $P_M$ enumerate explicit instances of codewords that satisfy the CSS constraints, equipping the protocol with the probabilistic structure underlying post-processing efficiency and collision estimation.

5. Applications: Error Correction, Key Extraction, and Future Directions

The combination of probability distributions over CSS codes and two-universal hash functions simplifies quantum post-processing in QKD, enabling efficient key extraction in the presence of errors and explicit computation of security margins. Efficient computation of functions associated with the parity-check matrices improves protocol tractability for near-term quantum devices, where computational resources are limited.

Potential future research directions include exploring the trade-off between computational efficiency and unconditional security, investigating whether further probabilistic structure can enhance robustness, and extending these techniques to multi-party error correction and cryptographic settings. The framework is positioned to support optimized quantum communication and cryptography as quantum processors approach practical deployment.

6. Summary Table: Core Mathematical Objects

Object	Role in Distribution/Security	Explicit Expression / Property
Random matrix $L$	Source for probability measure over CSS codes	Uniform sample from $(2 \times 2)$ matrices over $\mathbb{F}_2^n$
Marginal $P_L, P_M$	Distribution for parity-check matrices	$P_M = P_{(L^{-1})^T}$
Two-universal hash $g_{1,2}$	Collision bound computation functions	Polynomial-time functions of parity-check matrices
Projector $P(g, x)$	Syndromic outcome probability / state decomposition	$2^{-n} \prod_j [I + (-1)^{x_j}g_j]$
Security reduction factor	Protocol security quantification	$$2^{ \frac{5}{2} ( 5 - \frac{3}{2} ) + \log_2 \sqrt{C} }$$

These developments provide a rigorous, structure-dependent framework for sampling CSS codes, quantifying error-correction and security in quantum cryptographic protocols, and analyzing the role of probability distributions in both theoretical and applied quantum information science.