Memory effects in device-dependent and device-independent cryptography

Abstract

In device-independent cryptography, it is known that reuse of devices across multiple protocol instances can introduce a vulnerability against memory attacks. This is an introductory note to highlight that even if we restrict ourselves to device-dependent QKD and only consider a single protocol instance, memory effects across rounds are enough to cause substantial difficulties in applying many existing non-IID proof techniques, such as de Finetti reductions and complementarity-based arguments (e.g. analysis of phase errors). We present a quick discussion of these issues, including some tailored scenarios where protocols admitting security proofs via those techniques become insecure when memory effects are allowed, and we highlight connections to recently discussed attacks on DIQKD protocols that have public announcements based on the measurement outcomes. This discussion indicates the challenges that would need to be addressed in order to apply those techniques in the presence of memory effects (for either the device-dependent or device-independent case), even for a single protocol instance.