Failure of Existing Security Criteria in Quantum Key Distribution

The security significance of the trace distance security criterion $d$ is analyzed in terms of operational probabilities of an attacker's success in identifying different subsets of the generated key, both during the key generation process and when the key is used in one-time pad data encryption under known-plaintext attacks. The difference between Eve's sequence error rate and bit error rate is brought out. It is shown with counter-examples that the strong security claim maintained in the literature is incorrect. Other than the whole key error rates that can be quantified at the levels d^{1/3} and d^{1/4} which are much worse than $d$ itself, the attacker's success probabilities in estimating various subsets of the key and in known-plaintext attacks are yet to be quantified from $d$ if possible. It is demonstrated in realistic numerical examples of concrete protocols that drastic breach of security cannot yet be ruled out.