The security of quantum key distribution against undetected eavesdropping depends on the key-sharing parties (Alice and Bob) making a probabilistic estimate of the ignorance of a maximally adept eavesdropper (Eve) concerning sifted, error-free bits from which Alice and Bob distill a key. For individual attacks on the BB84 protocol, we show how to generalize the defense function and the defense frontier of Slutsky et al. to take advantage of Cachin’s analysis of Renyi entropy of arbitrary order R, here called R-entropy. For a special case of an attack uniform over all bits, an optimum defense frontier is displayed. Evidence is discussed for the conjecture that this defense frontier in terms of R-entropy holds good not just for uniform attacks but for all individual attacks on BB84.
We also show how the entropy estimate fits in to the full suite of key-distillation protocols in a QKD system, in particular how it relates to privacy amplification. After privacy amplification, Eve will have, with high probability, no information about the remaining bits. By choosing the optimal Rényi order R, we can distill secure bits in the presence of a significantly higher error rate.