Sequential Attack Impairs Security in Device-independent Quantum Key Distribution

Abstract: Device-independent quantum key distribution (DI-QKD) leverages nonlocal correlations to securely establish cryptographic keys between two honest parties while making minimal assumptions about the underlying systems. The security of DI-QKD relies on the validation of quantum theory, with Bell violations ensuring the inherent unpredictability of the observed statistics, independent of the trustworthiness of the devices. While traditional QKD attacks are generally categorised as individual, collective, or coherent attacks, we introduce a novel attack strategy-the sequential attack. In this approach, Eve intercepts the transmitted quantum particle, performs an unsharp measurement to preserve the Bell violation between the honest parties, and disguises her interference as noise. Such a strategy enables Eve to extract substantial information about the key, even without performing collective measurements. Furthermore, when combined with collective attack, this strategy significantly reduces the secure key rate and, under certain conditions, can render it to zero. We show that within specific ranges of Bell violations and quantum bit error rates, the cumulative effect of sequential and collective attacks poses a stronger threat to DI-QKD security than collective attacks alone. These findings underscore the vulnerability of DI-QKD to real-world imperfections, emphasising that Bell nonlocality alone is insufficient to guarantee security in practical implementations.