Randomness Extraction via Delta-Biased Masking in the Presence of a Quantum Attacker
Randomness extraction is of fundamental importance for information-theoretic cryptography. It allows one to transform a raw key about which an attacker has some limited knowledge into a fully secure random key, on which the attacker has essentially no information. To date, only very few randomness-extraction techniques are known to work against an attacker holding quantum information on the raw key. This is very much in contrast to the classical (non-quantum) setting, which is much better understood and for which a vast number of different techniques are known and proven to work. We prove a new randomness-extraction technique, which is known to work in the classical setting, to be secure against a quantum attacker as well. Randomness extraction is done by XOR'ing a so-called delta-biased mask to the raw key. Our result allows the classical applications of this extractor to be extended to the quantum setting. We discuss the following two applications. We show how to encrypt a long message with a short key, information-theoretically secure against a quantum attacker, provided that the attacker has enough quantum uncertainty on the message. This generalizes the concept of entropically-secure encryption to the case of a quantum attacker. As a second application, we show how to do error-correction without leaking partial information to a quantum attacker. Such a technique is useful in settings where the raw key may contain errors, since standard error-correction techniques may provide the attacker with information on, say, a secret key that was used to obtain the raw key.
💡 Research Summary
The paper addresses a fundamental gap in information‑theoretic cryptography: while many randomness‑extraction techniques are known to be secure against classical adversaries, only a handful are proven to withstand an adversary that holds quantum side‑information about the raw key. The authors focus on a well‑studied classical extractor—XOR'ing a delta‑biased mask onto the raw key—and show that it remains secure in the quantum setting.
The technical core rests on two quantum‑information tools: conditional min‑entropy H_{\min}(X|E) and the quantum leftover‑hash lemma. Given a raw key X and an adversary's quantum system E with H_{\min}(X|E) ≥ k, the authors consider a mask M drawn uniformly from a δ‑biased set of n‑bit strings. They prove that the output Y = X ⊕ M satisfies
‖ρ_{YE} − τ_{Y} ⊗ ρ_{E}‖_1 ≤ ε,
where ε = δ·2^{(n−k)/2} and τ_{Y} is the fully mixed (uniform) state on n bits. The proof considers the joint state ρ_{XE} for each fixed value of the mask, averages over the uniformly chosen mask, and uses the defining property of a δ‑biased set: every non‑trivial parity (GF(2) linear combination) of the mask bits is δ‑close to unbiased. The averaged state is therefore almost maximally mixed on Y and almost independent of E. Crucially, the bound holds even if the mask is publicly known; the only requirement is that the mask be chosen independently of X and E.
Two concrete applications are explored.
- Quantum‑Entropically‑Secure Encryption – The authors extend the classical notion of entropically‑secure encryption to quantum adversaries. A short secret key K (ℓ bits) encrypts a long message M by computing C = K ⊕ M ⊕ M_mask, where M_mask is a fresh δ‑biased mask. If the message possesses sufficient quantum min‑entropy relative to the adversary, the ciphertext C is ε‑indistinguishable from uniform, even when the adversary holds quantum side‑information about M. Consequently, the key length ℓ can be far smaller than the message length while still achieving information‑theoretic security against quantum attacks.
- Leak‑Free Error‑Correction – Standard error‑correction procedures (e.g., syndrome transmission) can leak partial information about a secret key that was used to generate the raw key. By XOR‑masking each syndrome bit with an independent δ‑biased mask, the authors show that the publicly transmitted error‑correction data becomes ε‑close to uniform from the adversary's quantum perspective. This enables reliable error correction without compromising the secrecy of the underlying key, a property essential for practical quantum‑key‑distribution post‑processing.
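The following Python script is an added example, not code from the paper or from its summary. It makes the extractor bound ε = δ·2^{(n−k)/2} of the previous section and the short‑key encryption of the first application concrete on a toy instance. It is entirely classical (the adversary's quantum system E is omitted and X is a classical raw key with min‑entropy k), the mask family is the Alon–Goldreich–Håstad–Peralta "powering" small‑bias construction over GF(2^m) (a standard construction, not one from the paper; its bias bound (n−1)/2^m is a known property of it), and the field size m = 5, message length n = 12 and the layout of the key as the pair (x, y) indexing a mask are choices made for this example. The script computes the exact bias δ of the family by brute force, checks that the ℓ1 distance of X ⊕ M from uniform stays below ε, and round‑trips a message through the mask‑indexed encryption:

```python
"""Toy instance of delta-biased XOR masking (added example; not code from the
paper or from its summary).  Everything is classical: the attacker's quantum
system E is omitted, and X is a classical raw key with min-entropy k.  The mask
family is the AGHP 'powering' construction over GF(2^M_BITS); its bias bound
(n-1)/2^M_BITS is a standard fact about that construction.  Field size, message
length and key layout are choices made for this example."""
from fractions import Fraction

M_BITS = 5             # field GF(2^5): 32 elements
IRRED = 0x25           # x^5 + x^2 + 1, irreducible over GF(2)
N = 12                 # mask / message length in bits
KEY_BITS = 2 * M_BITS  # a mask is indexed by a pair (x, y) of field elements
PARITY = [bin(v).count("1") & 1 for v in range(1 << N)]  # GF(2) inner-product helper


def gf_mul(a: int, b: int) -> int:
    """Multiply two elements of GF(2^M_BITS) (carry-less, reduced by IRRED)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> M_BITS:
            a ^= IRRED
    return r


def powering_mask(x: int, y: int, n: int = N) -> int:
    """Mask bit i = <x^i, y> (GF(2) inner product of bit strings).
    For nonzero alpha, <alpha, mask> = <p_alpha(x), y> with p_alpha a nonzero
    GF(2)-polynomial of degree < n, so the bias is at most (n-1)/2^M_BITS."""
    bits, xp = 0, 1  # xp runs through x^0, x^1, ...
    for i in range(n):
        bits |= PARITY[xp & y] << i
        xp = gf_mul(xp, x)
    return bits


def powering_family(n: int = N) -> list[int]:
    """All 2^(2*M_BITS) masks, one per key (x, y)."""
    q = 1 << M_BITS
    return [powering_mask(x, y, n) for x in range(q) for y in range(q)]


def bias(family: list[int], n: int = N) -> Fraction:
    """delta = max over nonzero alpha of |E_s[(-1)^<alpha, s>]| (brute force)."""
    size, worst = len(family), Fraction(0)
    for alpha in range(1, 1 << n):
        ones = sum(PARITY[alpha & s] for s in family)
        worst = max(worst, Fraction(abs(size - 2 * ones), size))
    return worst


def xor_extract_l1(x_support: list[int], family: list[int], n: int = N) -> Fraction:
    """||P_Y - U_n||_1 for Y = X xor M, with X uniform on x_support (min-entropy
    log2 |x_support|) and M uniform on the family, independent of X."""
    counts = [0] * (1 << n)
    for x in x_support:
        for s in family:
            counts[x ^ s] += 1
    total = len(x_support) * len(family)
    u = Fraction(1, 1 << n)
    return sum(abs(Fraction(c, total) - u) for c in counts)


def extractor_bound(delta: Fraction, n: int, k: int) -> float:
    """The summary's epsilon = delta * 2^((n-k)/2)."""
    return float(delta) * 2 ** ((n - k) / 2)


def encrypt(key: int, msg: int, n: int = N) -> int:
    """Entropically secure encryption: the KEY_BITS-bit key selects the mask."""
    x, y = key >> M_BITS, key & ((1 << M_BITS) - 1)
    return msg ^ powering_mask(x, y, n)


decrypt = encrypt  # XOR with the same mask undoes it


if __name__ == "__main__":
    fam = powering_family()
    delta = bias(fam)
    k = 10                    # X uniform on 2^10 of the 2^12 strings: min-entropy 10
    raw = list(range(1 << k))
    print("bias delta =", delta, "; construction bound (n-1)/2^m =", Fraction(N - 1, 1 << M_BITS))
    print("||P_Y - U||_1 =", float(xor_extract_l1(raw, fam)), "<= eps =", extractor_bound(delta, N, k))
    key, msg = 0b1011001110, 0b110000111101  # constructed 10-bit key, 12-bit message
    assert decrypt(key, encrypt(key, msg)) == msg
    print("encrypt/decrypt round trip ok; key bits =", KEY_BITS, "< message bits =", N)
```

With these parameters the brute‑force bias comes out at exactly 11/32 (a degree‑11 GF(2) polynomial can have 11 roots in GF(32): zero plus two Frobenius classes of five), so ε = (11/32)·2^{(12−10)/2} = 0.6875, far from negligible, which is exactly the point the practical‑considerations paragraph makes about needing very small δ. For the powering construction δ ≈ n/2^m, so the key length 2m grows only as 2·log2(n/δ): logarithmic in the message length, which is what makes the short‑key encryption possible. The script computes the ℓ1 distance exactly with fractions, so the comparison against ε is not subject to floating‑point error.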
The paper also discusses practical considerations. The security parameter ε depends linearly on δ and exponentially on the entropy gap (n−k). Therefore, one must select δ‑biased sets with very small bias (e.g., constructions based on small‑bias linear codes) to keep ε negligible. The mask length n must be at least as large as the raw key length, and the raw key must retain enough min‑entropy after any preprocessing (e.g., sifting in QKD). Re‑use of masks is discouraged unless independence can be guaranteed, as correlated masks would invalidate the bias analysis.
In summary, the authors successfully transplant a classical extractor—delta‑biased XOR masking—into the quantum realm, providing rigorous security proofs and demonstrating its utility in two fundamental cryptographic primitives: short‑key encryption and error‑corrected key reconciliation. This work broadens the toolbox for designing quantum‑resistant, information‑theoretic protocols without requiring entirely new extractor constructions, thereby offering a pragmatic pathway toward secure communication in the emerging quantum era.