Direct and Reverse Secret-Key Capacities of a Quantum Channel

We define the direct and reverse secret-key capacities of a memoryless quantum channel as the optimal rates that entanglement-based quantum key distribution protocols can reach by using a single forward classical communication (direct reconciliation) or a single feedback classical communication (reverse reconciliation). In particular, the reverse secret-key capacity can be positive for antidegradable channels, where no forward strategy is known to be secure. This property is explicitly shown in the continuous variable framework by considering arbitrary one-mode Gaussian channels.

💡 Research Summary

The paper introduces two novel capacities for a memoryless quantum channel 𝒩: the direct secret‑key capacity K→(𝒩) and the reverse secret‑key capacity K←(𝒩). Both are defined in the context of entanglement‑based quantum key distribution (QKD) but differ in the direction of the single classical communication allowed. In the direct scenario, Alice sends quantum states through 𝒩, Bob measures them, and a single forward classical message from Bob to Alice is used for error correction and privacy amplification. In the reverse scenario, Bob measures first, sends a single feedback message to Alice, and Alice adapts her system accordingly.

Mathematically, the capacities are expressed as asymptotic rates of the achievable secret‑key bits per channel use, optimized over all possible entanglement‑generation and decoding maps under the respective communication constraint. The authors prove that K←(𝒩) can be strictly larger than the quantum capacity Q(𝒩) and the private capacity P(𝒩), and crucially, that K←(𝒩) may be positive even for antidegradable channels where Q(𝒩)=0 and no forward‑reconciliation protocol is known to be secure.

To illustrate these abstract results, the paper focuses on continuous‑variable (CV) systems and studies arbitrary one‑mode Gaussian channels, which are fully characterized by a transmission coefficient η and an added noise ν (or equivalently, by the mean thermal photon number). The authors derive explicit formulas for K→ and K← across the whole parameter space. They show that for highly lossy channels (η ≪ 1) with moderate noise, the reverse secret‑key capacity remains positive, whereas the direct capacity drops to zero. This demonstrates that reverse reconciliation can recover secure key generation in regimes previously thought insecure.

Upper bounds on K← are obtained by introducing a suitable auxiliary channel and employing a “reverse‑coherent‑information” quantity, while lower bounds on K→ are constructed using specific Gaussian encoding‑decoding schemes that resemble standard CV‑QKD protocols but are constrained to a single forward classical message. The analysis reveals a clear hierarchy: K← ≥ max{Q, P} ≥ K→, with strict inequalities in many practical cases.

The paper concludes by emphasizing the operational significance of feedback in quantum cryptography. Reverse reconciliation not only expands the set of channels that can be used for QKD (including antidegradable ones) but also offers a practical advantage for long‑distance or high‑loss scenarios such as satellite‑to‑ground links and fiber‑optic networks with limited classical bandwidth. The authors suggest several avenues for future work, including extensions to multimode Gaussian channels, non‑Gaussian noise models, and experimental implementations of optimal reverse‑reconciliation protocols.