Quantum key distribution with PRF(Hash, Nonce) achieves everlasting security

Peev et al. (Int J Quantum Inf 03:225–231, 2005) introduced a key-efficient two-step hash function for authentication in quantum key distribution (QKD). They suggested using a publicly known hash function as part of this scheme. Improving on this, Pacher et al. (Quantum Inf Process 15:327–362, 2016) suggested a method to restore information-theoretic security (ITS) by using almost universal hash functions instead of publicly known hash functions. While their scheme is a key-efficient almost-strongly universal (ASU) family, like any other ASU family, it only provides a one-time MAC. Here, we propose the use of a MAC paradigm called PRF(Hash, Nonce) for authentication in QKD. This MAC has several advantages which make it suited for QKD. In particular, unlike the above constructions, it is a many-time MAC and is also more key-efficient. In fact, PRF(Hash, Nonce) is even more key-efficient than the Wegman–Carter paradigm, the most widely used MAC scheme for authentication in QKD. Furthermore, it provides everlasting security, which means that if authentication remains unbroken during the execution of QKD, then the resulting keys retain ITS, which guarantees that the adversary cannot gain any new information on the keys even with unlimited computational power.