2025-11-17T16:10:20.335390

Soft-Decoding Reverse Reconciliation in Discrete-Modulation CV-QKD

Origlia, Secondini
In continuous-variable quantum key distribution, information reconciliation is required to extract a shared secret key from correlated random variables obtained through the quantum channel. Reverse reconciliation (RR) is generally preferred, since the eavesdropper has less information about Bob's measurements than about Alice's transmitted symbols. When discrete modulation formats are employed, however, soft information is available only at Bob's side, while Alice has access only to hard information (her transmitted sequence). This forces her to rely on hard-decision decoding to recover Bob's key. In this work, we introduce a novel RR technique for PAM (and QAM) in which Bob discloses a carefully designed soft metric to help Alice recover Bob's key, while leaking no additional information about the key to an eavesdropper. We assess the performance of the proposed technique in terms of achievable secret key rate (SKR) and its bounds, showing that the achievable SKR closely approaches the upper bound, with a significant gain over hard-decision RR. Finally, we implement the scheme at the coded level using binary LDPC codes with belief-propagation decoding, assess its bit-error rate through numerical simulations, compare the observed gain with theoretical predictions from the achievable SKR, and discuss the residual gap.
academic

Soft-Decoding Reverse Reconciliation in Discrete-Modulation CV-QKD

Basic Information

  • Paper ID: 2510.10674
  • Title: Soft-Decoding Reverse Reconciliation in Discrete-Modulation CV-QKD
  • Authors: Marco Origlia, Marco Secondini (Sant'Anna School of Advanced Studies, CNR-IEIIT, SMA-RTY Italia SRL)
  • Classification: cs.IT math.IT
  • Submission Date/Conference: Submitted to arXiv on October 12, 2025; extended version based on 2025 SCC conference
  • Paper Link: https://arxiv.org/abs/2510.10674

Abstract

In continuous-variable quantum key distribution (CV-QKD), information reconciliation is employed to extract shared keys from correlated random variables obtained from quantum channels. Reverse reconciliation (RR) is generally preferred because the eavesdropper has less information about Bob's measurement results than about Alice's transmitted symbols. However, when discrete modulation formats are adopted, soft information is only available at Bob's end, while Alice can only access hard information (her transmitted sequence), forcing her to rely on hard-decision decoding to recover Bob's key. This paper introduces a novel RR technique for PAM (and QAM) in which Bob discloses carefully designed soft metrics to assist Alice in recovering Bob's key while not leaking additional information about the key to an eavesdropper.

Research Background and Motivation

Problem Definition

In CV-QKD systems, information reconciliation is a critical step for extracting shared keys. Traditionally, two reconciliation strategies exist:

  1. Direct Reconciliation (DR): Alice defines the key and discloses redundant information; Bob recovers Alice's key
  2. Reverse Reconciliation (RR): Bob defines the key and discloses redundant information; Alice recovers Bob's key

Core Problem

When discrete modulation formats are used, RR faces severe information asymmetry issues:

  • Bob possesses continuous channel output Y (soft information)
  • Alice only has discrete transmitted symbols X (hard information)
  • This asymmetry causes RR efficiency to be significantly lower than DR

Research Motivation

  1. Security Requirements: RR is superior to DR in security since the eavesdropper has less information about received data than transmitted data
  2. Efficiency Issues: Traditional RR suffers from substantially lower efficiency than theoretical limits due to lack of soft information
  3. Practical Considerations: Discrete modulation is more readily implementable in practical CV-QKD systems, but reconciliation efficiency needs improvement

Core Contributions

  1. Proposed RRS Scheme: Designed a novel reverse reconciliation soft-decoding scheme (RRS) where Bob discloses carefully constructed soft metrics N to assist Alice
  2. Theoretical Analysis: Established an information-theoretic framework for RRS and proved optimality under the constraint I(X̂;N)=0
  3. Performance Bounds: Derived upper and lower bounds on achievable key rates for RRS: I(X̂;X) ≤ I(X̂;X|N) ≤ I(X;Y)
  4. Practical Implementation: Implemented a complete coding-level scheme based on LDPC codes and belief propagation decoding
  5. Comprehensive Evaluation: Verified scheme effectiveness through theoretical analysis and numerical simulations

Methodology Details

Task Definition

Input: Alice transmits PAM symbols X; Bob receives Y = X + W (W is Gaussian noise) Output: Alice and Bob obtain identical key sequences Constraint: Soft metrics N disclosed by Bob must not leak information about key X̂ to eavesdroppers

Core Method Architecture

1. System Model

Alice transmits: X ∈ A = {a₁, ..., aₘ}
Channel output: Y = X + W, W ~ N(0, σ²)
Bob's decision: X̂ = aᵢ if Y ∈ Dᵢ

2. Soft Metric Construction

Bob computes transformation function:

N = g(Y) = {
  g₁(Y), Y ∈ D₁
  ...
  gₘ(Y), Y ∈ Dₘ
}

Key constraint: Ensure I(X̂;N) = 0, i.e.:

f_{N|X̂}(n|aᵢ) = f_{N|X̂}(n|aⱼ) = f_N(n) ∀aᵢ,aⱼ ∈ A

3. Optimal Transformation Design

Employs conditional cumulative distribution function:

gᵢ(y) = F_{Y|X̂}(y|aᵢ) = [F_Y(y) - F_Y(inf Dᵢ)] / P_{X̂}(aᵢ)

This ensures N|{X̂=aᵢ} ~ U(0,1), satisfying the no-information-leakage constraint.

4. Monotonicity Configuration

Defines 2^M configurations C^b, each corresponding to different monotonicity direction combinations:

  • bᵢ = 0: Monotonically increasing in Dᵢ
  • bᵢ = 1: Monotonically decreasing in Dᵢ

Technical Innovations

  1. Information-Theoretic Constraint Design: Ensures security through I(X̂;N)=0 constraint while maximizing I(X̂;X|N)
  2. Probability Integral Transform: Constructs soft metrics satisfying uniform distribution using conditional CDF
  3. Configuration Equivalence Theory: Proves equivalence of flipped, mirrored, and inverted configurations, simplifying optimization space
  4. Adaptive Threshold Strategy: Proposes both fixed and adaptive threshold selection methods

Experimental Setup

Simulation Parameters

  • Modulation Format: PAM-4, PAM-8
  • Channel: Additive White Gaussian Noise (AWGN)
  • Coding: DVB-S2 LDPC codes, code rates 1/2 and 1/4, code length 64800
  • Decoding: Belief propagation algorithm, maximum 50 iterations
  • Mapping: Gray mapping

Evaluation Metrics

  1. Secret Key Rate (SKR): I(X̂;X|N) bits/channel use
  2. Reconciliation Efficiency: β* = I(X̂;X|N)/I(X;Y)
  3. Bit Error Rate (BER): Post-decoding bit error rate

Comparison Methods

  1. RRH: Traditional hard-decision reverse reconciliation
  2. DR: Direct reconciliation (ideal soft-decoding benchmark)
  3. Theoretical Upper Bound: I(X;Y)

Experimental Results

Key Rate Performance

For PAM-4 modulation:

  • BPSK Case: RRS achieves theoretical bound I(X;Y), equivalent to Leverrier scheme
  • PAM-4 Case:
    • High code rate (R=1/2): Reconciliation efficiency approaches 1, nearly eliminating gap to upper bound
    • Low code rate (R=1/4): Efficiency slightly lower but still significantly outperforms RRH
    • Optimal configuration: Alternating configuration C^5 performs best across most code rates

BER Performance

PAM-4 Results

Code RateRRS Gain over RRHRRS Gap to DR
1/21.39 dB0.04 dB
1/40.53 dB0.36 dB

PAM-8 Results

  • Code Rate 1/2: RRS-to-DR gap only 0.1 dB
  • Code Rate 1/4: Still 0.35 dB gap, but >0.1 dB gain over RRH

Key Findings

  1. Configuration Optimization: Alternating configuration optimal in most cases
  2. Threshold Strategy: Adaptive threshold shows clear advantage at low code rates
  3. Performance Gap: BER results align with SKR predictions, with minor deviations at low code rates

Related Work

Traditional Reconciliation Methods

  1. Gaussian Variable Reconciliation: Slice reconciliation, multi-dimensional reconciliation
  2. Leverrier Scheme: Soft RR scheme for BPSK/QPSK
  3. Classical Error-Correcting Codes: LDPC code applications in reconciliation

Contributions Compared to Prior Work

  1. Extensibility: Extended from BPSK to general PAM/QAM modulation
  2. Theoretical Completeness: Provides comprehensive information-theoretic analysis framework
  3. Practicality: Offers concrete coding-level implementation schemes

Conclusions and Discussion

Main Conclusions

  1. Theoretical Contribution: Established complete theoretical framework for soft-decoding reverse reconciliation in discrete-modulation CV-QKD
  2. Performance Improvement: Significantly narrowed gap between RR and theoretical bound; nearly optimal for PAM-4
  3. Practical Value: Provided implementable coding schemes verifying theoretical predictions

Limitations

  1. Bit-Level Decoding: Current implementation based on bit-level decoding, potentially suboptimal
  2. Code-Rate Dependence: Performance gains relatively limited at low code rates
  3. Complexity: Requires computation and transmission of additional soft metrics

Future Directions

  1. Symbol-Level Decoding: Explore non-binary codes and symbol-level decoding
  2. Label Optimization: Investigate optimal symbol-to-bit mapping strategies
  3. Probabilistic Shaping: Incorporate probabilistic amplitude shaping techniques
  4. Low-Rate Optimization: Specialized optimization for low-rate scenarios in QKD applications

In-Depth Evaluation

Strengths

  1. Theoretical Rigor: Provides complete information-theoretic analysis including performance bounds and optimality proofs
  2. Methodological Innovation: Cleverly exploits probability integral transform to construct secure soft metrics
  3. Experimental Sufficiency: Encompasses theoretical analysis, numerical simulations, and coding-level implementation
  4. Practical Value: Addresses practical problems in discrete-modulation CV-QKD

Weaknesses

  1. Scope of Applicability: Primarily targets PAM/QAM modulation; extensibility to other modulation formats requires verification
  2. Complexity Analysis: Lacks detailed computational complexity and communication overhead analysis
  3. Quantum Security: Considers only information leakage in reconciliation phase; incomplete analysis of quantum channel security

Impact

  1. Academic Contribution: Provides important theoretical tools and methods for CV-QKD field
  2. Practical Value: Helps improve performance of practical CV-QKD systems
  3. Reproducibility: Authors provide open-source code repository facilitating verification and extension

Applicable Scenarios

  1. CV-QKD Systems: Particularly suitable for continuous-variable quantum key distribution with discrete modulation
  2. Classical Communications: Methods extensible to classical communication scenarios requiring reverse error correction
  3. Secure Communications: Applicable to secure communication applications with strict information leakage requirements

References

The paper cites 25 relevant references covering quantum key distribution, information theory, error-correcting codes, and other important works across multiple domains, providing solid theoretical foundation for the research.