A Quantitative Method for Evaluating Security Boundaries in Quantum Key Distribution Combined with Block Ciphers
With the rapid development of quantum computing, classical cryptographic systems are increasingly exposed to security threats, which makes the construction of architectures resilient to quantum attacks urgent. While Quantum Key Distribution (QKD) offers information-theoretic security guarantees, its relatively low key generation rate necessitates integration with classical cryptographic techniques, particularly block ciphers such as AES and SM4, for practical applications. However, when a single QKD key is used to encrypt multiple data blocks, the resulting reduction in cryptographic security strength has not yet been quantitatively analyzed. In this work, we focus on the security strength of the application scenario in which QKD is combined with block ciphers. We propose a quantitative evaluation method for the security benefit of the QKD key renewal period, aiming to provide a precise measure of the cryptographic security strength of such hybrid systems. Our method is based on the concrete security paradigm for block cipher modes of operation. We demonstrate that, under practical security level requirements and for a file of a given number of blocks, rekeying k times provides an additional log2(k) to 2log2(k) bits of security. Our research offers a novel perspective on balancing the security and efficiency of QKD-based encryption.
💡 Research Summary
The paper addresses a practical problem that arises when quantum key distribution (QKD) is combined with conventional block ciphers such as AES or SM4 to protect bulk data. While QKD provides information‑theoretic security, its key‑generation rates (typically a few kilobits per second) are far lower than the gigabit‑to‑terabit data rates of modern networks. Consequently, a single QKD‑derived key is often reused to encrypt or authenticate many data blocks under a block‑cipher mode of operation (CTR, CBC, or ECBC‑MAC). The security impact of this key reuse has not been quantified in prior work, which the authors set out to remedy.
Methodology
The authors adopt the concrete‑security framework pioneered by Bellare et al., focusing on the chosen‑plaintext attack (CPA) model. They define the adversary's distinguishing advantage $\mathrm{Adv}^{\mathrm{cpa}}$
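To make the abstract's log2(k) to 2log2(k) claim concrete, the following is an added worked example (not code from the paper) that applies the standard birthday-style concrete-security bound for CTR/CBC, $\mathrm{Adv}^{\mathrm{cpa}} \le \mathrm{Adv}^{\mathrm{prp}} + \sigma^2/2^{n+1}$ for $\sigma$ encrypted blocks under one $n$-bit-block key, to a file split across k QKD keys. The exact constants and the accounting rule the paper uses are assumptions here; the example contrasts the two natural accountings (a union bound over all k keys, which yields log2(k) extra bits, and a per-key requirement, which yields 2log2(k)), and ignores the PRP term. Block size, file size and key count are constructed sample inputs.

```python
"""Concrete-security accounting for rekeying a block-cipher mode with QKD keys.

Assumed bound (birthday term of the PRP/PRF switching lemma, PRP term dropped):
    Adv_cpa(sigma blocks, one key)  <=  sigma^2 / 2^(n+1)
Security in bits is -log2(advantage). All arithmetic is done in the log2 domain
so that 2^128-scale quantities never overflow a float.
"""
import math


def log2_birthday_bound(sigma_blocks: int, n_bits: int = 128) -> float:
    """log2 of sigma^2 / 2^(n+1) for sigma blocks under a single key."""
    if sigma_blocks < 1:
        raise ValueError("need at least one block")
    return 2 * math.log2(sigma_blocks) - (n_bits + 1)


def security_bits_single_key(total_blocks: int, n_bits: int = 128) -> float:
    """Bits of CPA security when the whole file is encrypted under one key."""
    return -log2_birthday_bound(total_blocks, n_bits)


def security_bits_rekeyed(total_blocks: int, k: int, n_bits: int = 128,
                          accounting: str = "union") -> float:
    """Bits of CPA security when the file is split evenly over k independent keys.

    accounting="union":   bound the adversary against the *whole* file by summing
                          the k per-key advantages (hybrid / union bound):
                          k * (sigma/k)^2 / 2^(n+1)  ->  gains log2(k) bits.
    accounting="per_key": require the bound only per key (each key protects an
                          independent segment): (sigma/k)^2 / 2^(n+1)
                          ->  gains 2*log2(k) bits.
    """
    if not 1 <= k <= total_blocks:
        raise ValueError("k must be between 1 and the number of blocks")
    per_key_blocks = total_blocks / k            # blocks encrypted per QKD key
    per_key = 2 * math.log2(per_key_blocks) - (n_bits + 1)
    if accounting == "union":
        return -(math.log2(k) + per_key)
    if accounting == "per_key":
        return -per_key
    raise ValueError("accounting must be 'union' or 'per_key'")


def security_gain_bits(total_blocks: int, k: int, n_bits: int = 128,
                       accounting: str = "union") -> float:
    """Extra bits of security obtained by rekeying k times instead of once."""
    return (security_bits_rekeyed(total_blocks, k, n_bits, accounting)
            - security_bits_single_key(total_blocks, n_bits))


def rekeyings_needed(total_blocks: int, target_bits: float, n_bits: int = 128,
                     accounting: str = "union") -> int:
    """Smallest power-of-two k whose rekeyed bound reaches target_bits.

    Inverts the gain formula: union accounting gains log2(k) bits per doubling
    step, per-key accounting gains 2*log2(k). Returns 1 if already sufficient.
    """
    deficit = target_bits - security_bits_single_key(total_blocks, n_bits)
    if deficit <= 0:
        return 1
    per_doubling = 1.0 if accounting == "union" else 2.0
    return 2 ** math.ceil(deficit / per_doubling)


if __name__ == "__main__":
    # Constructed sample: AES-128 (n=128), a 16 TiB file = 2^40 blocks of 16 bytes,
    # renewed with 2^10 = 1024 QKD keys.
    N, FILE_BLOCKS, K = 128, 2 ** 40, 2 ** 10
    print("single key       :", security_bits_single_key(FILE_BLOCKS, N), "bits")
    for acc in ("union", "per_key"):
        print(f"rekeyed ({acc:7s}):",
              security_bits_rekeyed(FILE_BLOCKS, K, N, acc), "bits, gain",
              security_gain_bits(FILE_BLOCKS, K, N, acc))
    print("keys for 64-bit target (union)  :", rekeyings_needed(FILE_BLOCKS, 64, N))
    print("keys for 64-bit target (per_key):", rekeyings_needed(FILE_BLOCKS, 64, N, "per_key"))
```

For the sample inputs the single-key bound gives 49 bits; 1024 keys raise it to 59 bits under union accounting and 69 bits under per-key accounting, i.e. exactly the log2(k) and 2log2(k) gains the abstract states. The practical caveat the accounting choice encodes: a union bound is the right figure when the adversary may combine observations across all keys of one file, while the per-key figure only applies when each key's segment is an independent target.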