Generalized measurement incompatibility

The Big Picture: The "Untrusted Box" Problem

Imagine you are trying to build a super-secure communication system (like a digital lock) that relies on the laws of physics rather than math. You have a device (let's call it "Bob's Box") that measures particles of light. You trust the laws of physics, but you don't trust the box itself. Maybe a hacker (let's call her "Eve") built it or tampered with it.

In the quantum world, measurements are often "incompatible." This means you can't measure two different things at the exact same time with perfect precision. This incompatibility is usually a good thing for security; it creates randomness that Eve cannot predict.

However, real-world devices aren't perfect. They lose particles (like a camera missing a photon because of a dirty lens). When a device misses a particle, it gives a "no-click" result. The paper asks: If Eve knows exactly which particles were missed and which were detected, can she completely fake the results of the device?

The Core Concept: "Partial Joint-Measurability"

The authors introduce a new way to think about how "fake" a device can be. They call this Generalized Partial Joint-Measurability (G-JM).

To understand this, imagine a game show with a "Magic Box" that answers questions.

Standard Joint-Measurability: The box is a total fake. It has a pre-written script. No matter what question you ask, the answer is already decided by a hidden variable. The box isn't doing any "magic" (quantum stuff) at all; it's just a calculator.
Partial Joint-Measurability (The Old Idea): The box is a hybrid. It fakes the answer for some questions (e.g., "What is the color?") but might still be doing real magic for others (e.g., "What is the shape?").
Generalized Partial Joint-Measurability (The New Idea): This is the paper's main innovation. The box is a hybrid with a filter.
- Imagine the box has a "Key Round" (where you generate the secret password) and a "Test Round" (where you check if the box is working).
- The new definition says: The box can be a total fake for the Key Round outcomes, but it can still be a real quantum device for the Test Round outcomes.
- Even more specifically, if the "Key Round" has three possible answers (Red, Blue, Green), the box might be a total fake for Red and Blue, but still do real quantum magic for Green.

The Analogy:
Think of a magician's assistant.

If the assistant is fully fake, they know the outcome of every trick before it happens.
If the assistant is partially fake, they might know the outcome of the "sawing a person in half" trick, but not the "floating" trick.
This paper defines a super-fine-grained fake: The assistant knows the outcome of the "sawing" trick only if the person is wearing a red shirt. If they are wearing a blue shirt, the assistant is genuinely surprised.

The Main Discovery: The "No-Click" Loophole

The paper proves a critical rule: If the device is "Partially Jointly Measurable," Eve can win.

If the device is set up in a way that fits this "G-JM" definition, Eve (the hacker) can:

Intercept the particles.
Perform a specific "weak measurement" (a gentle peek) that doesn't destroy the quantum state but gives her a clue.
Send the particle to Bob's box.
Perfectly predict the outcome of the "Key Round" (the important part) whenever the detector actually clicks.

If Eve can perfectly predict the key, there is no secret key. The system is broken.

The "Detection Efficiency" Threshold

The paper calculates a specific "tipping point" called Detection Efficiency ( $\eta$ ). This is the percentage of particles the device successfully catches.

High Efficiency: If the device catches almost everything, the quantum "magic" is strong. Eve cannot fake it.
Low Efficiency: If the device loses too many particles, the "fake" strategy becomes possible.

The authors found that for many common setups, the threshold is surprisingly low.

Example: In a specific scenario involving two measurements, if the device only catches 2/3 (66%) of the particles, Eve can perfectly guess the results of the "Key Round" (ignoring the missed ones).
The Twist: Previous security proofs claimed the system was safe even at 66% efficiency. This paper shows those proofs were wrong because they didn't account for this specific type of "partial fake" strategy combined with postselection (throwing away the "no-click" results).

The "Postselection" Trap

This is the most important practical takeaway. In many quantum protocols, when a detector misses a particle (a "no-click"), the data is thrown away (postselection) to keep the key clean.

The paper argues: Throwing away the "no-click" data is dangerous.

The Flaw: Security proofs often assume that because Eve doesn't know which particles were missed, she can't guess the rest.
The Reality: The paper shows that Eve can use the fact that some particles were missed to her advantage. By knowing the pattern of misses, she can perfectly reconstruct the "click" results.
The Consequence: A protocol that was thought to be secure at 66% efficiency is actually insecure at that level if you discard the missed events.

Summary of Results

New Definition: They created a mathematical tool (G-JM) to check if a device can be faked for specific outcomes while doing real quantum work for others.
The Attack: They showed that if a device is G-JM, a hacker with no quantum memory (just a classical computer) can perfectly guess the important outcomes.
The Limit: They calculated exactly how efficient a detector needs to be to stay safe. For some setups, you need more than 66% efficiency, not just "some" efficiency.
The Warning: They identified a flaw in a specific, well-known security proof (from a 2012 paper). That proof claimed security at 66% efficiency, but this paper shows that because of the "postselection" loophole, the system is actually vulnerable.

The Bottom Line

This paper is a "security audit" for quantum cryptography. It says: "Be very careful about throwing away your 'failed' measurements. If you do, a hacker might be able to perfectly guess your secret code, even if your device seems to be working." It provides a new mathematical test to ensure your quantum lock is actually unbreakable.

Generalized Measurement Incompatibility: A Technical Summary

Problem Statement
Quantum measurement incompatibility—the impossibility of realizing multiple measurements via classical post-processing of a single parent measurement—is a fundamental resource for nonclassical phenomena such as Bell nonlocality, quantum steering, and contextuality. In quantum cryptography, particularly device-independent (DI) and semi-device-independent (semi-DI) protocols, incompatibility limits the information an adversary (Eve) can access. If measurements are compatible, Eve can replace the untrusted device with a classical one to perfectly predict outcomes, rendering the protocol insecure.

Recent work by Masini et al. introduced "partial joint-measurability," a weaker notion where only a subset of measurements (e.g., those used for key generation) must be classically determined. However, this framework did not fully account for postselection, a common feature in quantum communication protocols where only a subset of outcomes (e.g., conclusive "click" events) are retained for key generation, while others (e.g., "no-click" events) are discarded. The authors identify a gap in existing security analyses: current bounds on detection efficiency often fail to account for the specific subset of outcomes that an adversary might target in postselected scenarios.

Methodology
The authors propose a generalized framework for $G$ -joint measurability ( $G$ -JM). This generalization allows for a fine-grained specification of which outcomes of each measurement must be classically determined.

Mathematical Formulation:
- For a set of measurements $\{B_y\}$ , the outcome set for each measurement $y$ is partitioned into a subset $G_y$ (outcomes required to be classically determined) and its complement.
- The authors define $G$ -JM via a simulation procedure involving a quantum instrument $\mathcal{I} = \{I_c\}$ and conditional POVMs $\{M_{b|y,c}\}$ . The condition requires that for outcomes $b \in G_y$ , the measurement operators are proportional to a common operator determined by the classical outcome $c$ .
- They demonstrate that this definition is equivalent to the existence of "partial parent" (PP) POVMs $\{E_{c,b|y}\}$ satisfying no-signaling and consistency conditions, where the specific outcomes in $G_y$ are determined by a classical response function.
- Crucially, they show that deciding whether a set of measurements is $G$ -JM can be formulated as a single semidefinite program (SDP), making the problem efficiently decidable.
Operational Interpretation:
- The paper establishes an equivalence between $G$ -JM and adversarial capability: An adversary Eve, restricted to classical side information (no quantum memory), can perfectly guess the outcomes in $G_y$ for all input states if and only if the measurements are $G$ -JM.
- This provides a direct link between the mathematical property of compatibility and the security of cryptographic protocols against specific guessing attacks.
Analytical Derivations:
- The authors derive tight analytical thresholds for the detection efficiency $\eta$ below which generic measurements become $G$ -JM.
- They analyze four specific cases:
  - (a) Full JM: All outcomes (including no-clicks) must be guessed.
  - (b) Partial-input JM: Only one specific measurement setting must be guessed.
  - (c) Partial-outcome JM: Only conclusive outcomes of all measurements must be guessed.
  - (d) Partial input & outcome JM: Only conclusive outcomes of a single measurement setting must be guessed.
- They specialize these results to qubit observables, deriving bounds dependent on the angular aperture of the measurement axes.

Key Results

Generalized Bounds: The paper provides new detection efficiency thresholds for $G$ -JM. For example, in the case of partial-outcome JM (case c), the bound improves from the generic $\eta \leq 1/n$ to $\eta \leq \max\{1/n, 1/k\}$ (where $k$ is the number of outcomes), and further to $\eta \leq 1/(1+\sin(\theta/2))$ for qubit observables, where $\theta$ is the angular aperture of the measurement axes.
Improved Attack Strategies: The authors construct explicit attack strategies for Eve that exploit postselection. In case (d), where Eve targets only the conclusive outcomes of a single measurement, they derive a bound $\eta \leq 2/(2+\sin(\theta))$ for two qubit measurements, which is strictly better than previous generic bounds for $\theta < \pi/2$ .
Security Implications for Ref. [13]: The authors apply their results to the one-sided DIQKD protocol based on steering proposed in Ref. [13]. They demonstrate that for qubit observables $\{Z, X\}$ , the measurements are $G$ -JM whenever $\eta \leq 2/3$ . This contradicts the security claim in Ref. [13], which asserts security for $\eta > 0.659$ .
Postselection Flaw: The paper identifies a flaw in the security proof of Ref. [13] regarding the treatment of postselection. The authors show that conditioning the smooth min-entropy on the postselected string (after discarding no-clicks) can strictly increase Eve's information compared to conditioning on the pre-selection data. Specifically, they show that $H_{\min}^\epsilon(A|E') < H_{\min}^\epsilon(A|E)$ , where $E'$ includes the public announcement of which rounds were discarded. This invalidates the assumption that Eve's information is bounded by the pre-selection entropy.
Role of No-Click Events: The paper highlights that while discarding no-click events allows Eve to perfectly guess the remaining key bits (if $\eta$ is low enough), including no-click events in the raw key (even if they are uncorrelated) can preserve secrecy. They provide an example where a positive key rate is achievable via direct reconciliation even when Eve knows all conclusive outcomes, provided no-click events are not discarded.

Significance and Claims
The paper claims to provide a generalized notion of partial joint-measurability that explicitly accounts for postselection in quantum communication protocols. Its primary contributions are:

Theoretical Framework: A unified mathematical framework ( $G$ -JM) that generalizes previous notions of joint measurability and partial joint measurability, allowing for a fine-grained characterization of measurement compatibility.
Computational Tool: An SDP formulation that allows for the efficient decision of whether a given set of measurements is $G$ -JM.
Operational Security Criterion: A clear operational interpretation linking $G$ -JM to the ability of a classical-side-information-limited adversary to perfectly guess specific measurement outcomes.
Critical Security Analysis: A demonstration that existing security proofs for certain one-sided DIQKD protocols (specifically Ref. [13]) are flawed due to an incorrect treatment of postselection. The authors argue that the threshold for insecurity is higher (i.e., protocols are less robust) than previously thought when postselection is involved.
Practical Bounds: The derivation of analytical thresholds for detection efficiency that directly limit the robustness of DI and semi-DI cryptographic protocols against detection inefficiency.

The authors conclude that their results highlight the importance of carefully treating postselection in security analyses and suggest that $G$ -JM provides a practical criterion for determining when an untrusted measurement device is useless for DI or semi-DI applications. They note that extending these results to higher dimensions and scenarios with multiple untrusted devices remains an open problem.