Finite-Key Analysis for MDI-QKD

Updated 5 January 2026

The paper presents a rigorous finite-key analysis that incorporates statistical fluctuations and composable-security proofs for MDI-QKD.
It outlines advanced decoy-state formalism and linear-programming techniques to tightly estimate single-photon yields and phase errors from limited data.
It demonstrates practical implications by optimizing key rates and secure transmission distances while accounting for realistic device imperfections.

Finite-key analysis for measurement-device-independent quantum key distribution (MDI-QKD) addresses the challenge of rigorously quantifying security and achievable key rates when only a finite number of signals are exchanged. Unlike asymptotic analyses, where unlimited data is assumed, the finite-key regime incorporates statistical fluctuations, finite sampling errors, and composable security parameters into key-rate formulas. This domain is characterized by advanced statistical tools (such as Chernoff and Hoeffding bounds, Serfling inequality, and trace-distance methods), linear-programming decoy-state yield estimation, and entropy-based privacy quantification. The field has advanced rapidly through the development of practical decoy-state and double-scanning methods for discrete-variable systems, rigorous protocols for continuous-variable scenarios, and explicit composable-security proofs against general attacks.

1. Conceptual Framework and Security Model

MDI-QKD is designed to eliminate all detector side-channel attacks by interposing an untrusted relay (Charlie) who performs a Bell-state measurement (BSM) on the quantum states sent by Alice and Bob. Security proofs in the finite-key regime require composable security definitions: a protocol is $\varepsilon$ -secure if the total probability that the key is incorrect or non-secret is at most $\varepsilon$ (Curty et al., 2013). Security is proven against general coherent attacks by bounding the smooth min-entropy of Alice's key conditioned on Eve's quantum system, using the entropic uncertainty framework.

Protocols must account for non-idealities: photon number statistics of weak coherent sources (WCS), loss and noise in the channel, detector inefficiency and dark counts, and in some analyses, information leakage from Alice and Bob's source modules (Wang et al., 2020).

2. Decoy-State Formalism and Yield/Phase-Error Estimation

Decoy-state methods are essential for practical MDI-QKD with WCS, enabling characterization of the single-photon yield ( $Y_{11}$ ) and phase error ( $e_{11}^{ph}$ ) notwithstanding multi-photon contamination. The central problem is to estimate tight lower and upper bounds for $Y_{11}$ and $e_{11}^{ph}$ , respectively, from observed counts in a finite dataset. Analytical and linear-programming approaches use Poissonian statistics of photon number, observed gains $Q_{\mu_i\nu_j}$ , and QBERs $E_{\mu_i\nu_j}$ across various intensity settings to formulate a system of inequalities. Statistical fluctuations are addressed via normal-approximation (e.g., “five-sigma” rule in (Zhang et al., 2014)), Chernoff bounds (Curty et al., 2013, Chen et al., 2021), or Azuma's inequality in the presence of source leakage (Wang et al., 2020).

For example, in vacuum+weak decoy-state MDI-QKD, formulas are constructed to bound $Y_{11}$ and $e_{11}$ using pairwise differences of observed gains, with higher-order photon contributions controlled by inequalities involving the decoy intensities. Statistical corrections are applied to each observed parameter, yielding confidence intervals which are then propagated through the decoy-state analysis (Sun et al., 2013).

3. Finite-Key Secret-Key-Rate Formulas

Finite-key secure key length or per-pulse key rate formulas exhibit a common structure: $R_{\rm finite} = S_{11}[1-h(e_{11}^{ph})] - \lambda_{\rm EC} - \Delta(\varepsilon)$ where $S_{11}$ is the number (or probability) of single-photon signal–signal events, $e_{11}^{ph}$ is the upper-bounded phase error, $\lambda_{\rm EC}$ accounts for the error-correction leakage, and $\Delta(\varepsilon)$ aggregates all finite-size smoothing and estimation error terms (Curty et al., 2013, Sun et al., 2013, Chen et al., 2021, Wang et al., 2020). For composable security, explicit additive entropy terms, such as $6\log_2(21/\varepsilon)$ , are included.

In decoy-state CHSH-MDI-QKD, the key-rate involves the single-photon CHSH value $g_{11}$ in the privacy term, estimated using linear programs subject to finite-size constraints (Zhang et al., 2014).

In double-scanning MDI-QKD, the key rate depends on two shared parameter combinations $\mathcal{H}$ and $\mathcal{M}$ , with yields and error rates expressed as linear functions of these auxiliary variables. Statistical bounds for the relevant observed quantities are found via Chernoff bounds, followed by a constrained minimization procedure over $\mathcal{H},\mathcal{M}$ (Chen et al., 2021).

4. Statistical Methodologies: Large Deviation Theory and Sampling

The accuracy of single-photon yield and error estimation hinges on the application of concentration inequalities:

Chernoff and Hoeffding bounds are applied to gains and error rates for i.i.d. Bernoulli processes, enabling exponentially tight (in $N$ ) finite-sample confidence intervals (Curty et al., 2013, Chen et al., 2021).
Serfling's inequality is used to transfer estimated single-photon error rates between randomly sampled subsets (e.g., $X$ - and $Z$ -basis data), ensuring composable security under sampling without replacement (Curty et al., 2013, Wang et al., 2020).
Azuma's inequality is invoked where memory effects or source leakage invalidate the i.i.d. assumption, controlling deviations in the presence of arbitrary correlations between rounds (Wang et al., 2020).

Parameter estimation proceeds by constructing confidence intervals for observed yields, errors, and derived quantities, inputting them into analytical or LP decoy-state formulas. The total failure probability is distributed among all statistical bounds, error correction, and privacy amplification events.

5. Protocol Variants and Enhancement Techniques

Several protocol variants and methodological advances optimize finite-key resilience:

Vacuum + weak decoy state: Achieves nearly optimal decoy estimation for MDI-QKD with minimal hardware cost, with explicit finite-key bounds (Sun et al., 2013).
Four-intensity and double-scanning: The double-scanning protocol establishes two linear combinations of observed parameters that tightly capture the uncertainty in yields and phase errors, substantially reducing the overestimation typical in finite-size analyses and extending secure transmission distance at moderate data sizes ( $N \sim 10^{10}$ ) (Chen et al., 2021).
Source-leakage–resilient protocols: Formulated using trace distance and Azuma-based LPs, these protocols maintain security when the intensity or basis choices partially leak from Alice or Bob’s stations (Wang et al., 2020).
Continuous-variable (CV) MDI-QKD: Finite-key analyses for CV-MDI-QKD use maximum-likelihood or covariance-based estimation of transmission and noise, with parameter confidence intervals calculated using the central limit theorem or Gaussian error bounds. The key rate formula incorporates reconciliation efficiency and worst-case Holevo information, evaluated on worst-case parameter estimates (Papanastasiou et al., 2017, Zhang et al., 2017).

6. Numerical Benchmarks and Practical Implications

Finite-key effects manifest as distance- and rate-reducing corrections relative to the asymptotic limit, particularly acute for small $N$ .

With $N=10^{10}$ and practical detectors, double-scanning MDI-QKD remains secure up to 150 km, outperforming standard 3- or 4-intensity decoy-state MDI-QKD, which fail at shorter distances (Chen et al., 2021).
For vacuum+weak decoy implementations, finite-size corrections typically suppress the key rate by 10–20% for $N=10^{10}$ but become negligible ( $<5\%$ ) as $N \to 10^{12}$ (Sun et al., 2013, Curty et al., 2013).
In CV-MDI-QKD, metropolitan-scale distances ( $>10$ km) yield nonzero key rates with as few as $N=10^6$ pulses; rates converge to the asymptotic value for $N\sim10^9$ (Papanastasiou et al., 2017).

A trade-off exists between security parameter $\varepsilon$ , block size $N$ , key rate, and achievable distance. Experimental parameters such as dark count rate, detection efficiency, and misalignment directly affect the finite-key bounds and must be optimized in concert with statistical correction terms.

7. Limitations, Open Problems, and Future Directions

Some finite-key analyses in the literature employ heuristic estimation (e.g., the "five sigma" rule (Zhang et al., 2014)) without a full composable security reduction; rigorous finite-key results require explicit error budget accounting for all protocol steps and union bounding of failure probabilities.

Open challenges include:

Tightening of statistical correction terms to minimize penalty on rate/distance.
Efficient finite-key security proof techniques for protocols based on generalized Bell inequalities or high-dimensional encodings.
Robust quantification and mitigation of side-channel information leakage, especially for next-generation source devices.
Direct extension of composable security techniques to multi-node or repeater-based MDI-QKD networks.

Recent advances demonstrate that, with sharp finite-key analysis and protocol optimization, MDI-QKD is experimentally viable for metropolitan- and intercity-scale secure communication with realistic resources (Chen et al., 2021, Curty et al., 2013, Papanastasiou et al., 2017).