English

One Key Good, L Keys Better: List Decoding Meets Quantum Privacy Amplification

Quantum Physics 2026-03-20 v1 Cryptography and Security

Abstract

We introduce list privacy amplification (LPA), a relaxation of the final step of quantum key distribution (QKD) in which Alice and Bob extract a list of LL candidate keys from a raw string correlated with an eavesdropper Eve, with the guarantee that at least one key is perfectly secret while Eve cannot identify which. This parallels list decoding in error-correcting codes: relaxing unique decoding to list decoding increases the decoding radius; analogously, list extraction increases achievable key length beyond the standard quantum leftover hash lemma (QLHL). Within the abstract cryptography framework, we formalise LPA and prove the \emph{Quantum List Leftover Hash Lemma} (QLLHL): an LL-list of \ell-bit keys can be extracted from an nn-bit source with smooth min-entropy kk iff k+logL2log(1/ϵ)3, \ell \le k + \log L - 2\log(1/\epsilon) - 3, yielding a tight additive logL\log L gain over QLHL. This gain arises because the index of the secure key is chosen after hashing and hidden from Eve, effectively contributing logL\log L bits of entropy. Applying QLLHL to BB84-type QKD, a list size L=2αnL = 2^{\alpha n'} increases the tolerable phase-error threshold from h1(1h(eb))h^{-1}(1 - h(e_b)) to h1(1h(eb)+α)h^{-1}(1 - h(e_b) + \alpha), exceeding the standard 11%\approx 11\% bound for any α>0\alpha > 0. We prove tightness via a matching intercept-resend attack, establish composability with Wegman--Carter authentication, and present two constructions: a polynomial inner-product hash over F2m\mathbb{F}_{2^m} and a Toeplitz-based variant, running in O(nL)O(nL) and O(nLlogn)O(nL \log n) time.

Cite

@article{arxiv.2603.18097,
  title  = {One Key Good, L Keys Better: List Decoding Meets Quantum Privacy Amplification},
  author = {Prateek P. Kulkarni},
  journal= {arXiv preprint arXiv:2603.18097},
  year   = {2026}
}

Comments

18 pages

R2 v1 2026-07-01T11:26:51.722Z