Memory effects in device-dependent and device-independent cryptography
Ernest Y.-Z. Tan

TL;DR
This paper discusses how memory effects in quantum cryptography protocols, both device-dependent and device-independent, pose significant challenges to existing security proof techniques, even within single protocol instances.
Contribution
It highlights the difficulties memory effects introduce to security proofs in quantum cryptography and discusses scenarios where these effects compromise protocols' security.
Findings
Memory effects can invalidate non-IID proof techniques.
Memory attacks pose risks even in device-dependent QKD.
Existing proof methods need adaptation to handle memory effects.
Abstract
In device-independent cryptography, it is known that reuse of devices across multiple protocol instances can introduce a vulnerability against memory attacks. This is an introductory note to highlight that even if we restrict ourselves to device-dependent QKD and only consider a single protocol instance, memory effects across rounds are enough to cause substantial difficulties in applying many existing non-IID proof techniques, such as de Finetti reductions and complementarity-based arguments (e.g. analysis of phase errors). We present a quick discussion of these issues, including some tailored scenarios where protocols admitting security proofs via those techniques become insecure when memory effects are allowed, and we highlight connections to recently discussed attacks on DIQKD protocols that have public announcements based on the measurement outcomes. This discussion indicates the…
Taxonomy
Topics: Cryptographic Implementations and Security · Cryptography and Data Security · Security and Verification in Computing
