One Key Good, L Keys Better: List Decoding Meets Quantum Privacy Amplification
Abstract
We introduce list privacy amplification (LPA), a relaxation of the final step of quantum key distribution (QKD) in which Alice and Bob extract a list of L candidate keys from a raw string correlated with an eavesdropper Eve, with the guarantee that at least one key is perfectly secret while Eve cannot identify which. This parallels list decoding in error-correcting codes: relaxing unique decoding to list decoding increases the decoding radius; analogously, list extraction increases achievable key length beyond the standard quantum leftover hash lemma (QLHL). Within the abstract cryptography framework, we formalise LPA and prove the Quantum List Leftover Hash Lemma (QLLHL): an L-list of -bit keys can be extracted from an n-bit source with smooth min-entropy k iff \[ k + L - 2(1/ε) - 3, \] yielding a tight additive L gain over QLHL. This gain arises because the index of the secure key is chosen after hashing and hidden from Eve, effectively contributing L bits of entropy. Applying QLLHL to BB84-type QKD, a list size L = 2α n' increases the tolerable phase-error threshold from h-1(1 - h(eb)) to h-1(1 - h(eb) + α), exceeding the standard ≈ 11\% bound for any α > 0. We prove tightness via a matching intercept-resend attack, establish composability with Wegman--Carter authentication, and present two constructions: a polynomial inner-product hash over F2m and a Toeplitz-based variant, running in O(nL) and O(nL n) time.
Turn this paper into a full lesson
ArcXiv compiles a staged curriculum from this paper: 8-12 lessons across beginner → advanced, synthesised section guides, visuals, flashcards, a quiz, exercises, and on-demand deep dives per section. Grounded in the abstract, never invented.