Integrity from Algebraic Manipulation Detection in Trusted-Repeater QKD Networks

Within the authors’ stated model (static topology, fixed disjoint paths, and QKD keys with ε-privacy), the core logic—AMD-encoding plus linear secret sharing plus multi-path OTP relaying—forms a coherent mathematical approach to information-theoretic integrity against algebraic manipulation. The reductions in Appendix B capture the intended security statement: replace imperfect keys by uniform keys with an ε-loss, then reduce forging to a shift-robust secret-sharing game with δ-loss. The main rigor limitations are (i) an under-justified composition lemma for multiple ε-private QKD keys in trace distance, (ii) a definition-level ambiguity in shift-robustness versus the game that is actually analyzed, and (iii) a concrete mismatch between the stated AMD construction and the implementation’s polynomial. These are fixable with tightened definitions, corrected listings, and either a proper hybrid proof for Lemma 1 or a precise composability theorem citation, plus aligning the implementation with the exact AMD polynomial (or proving equivalence).

The paper presents a mathematically sound protocol with mostly rigorous proofs. The core innovation - combining AMD codes with secret sharing for shift-robust security in relay networks - is well-founded mathematically. The game-based security framework correctly models the adversary's capabilities in trusted repeater networks, including dynamic corruption and message manipulation. While the mathematical validity is strong overall, some proof details could be expanded, particularly regarding the independence of QKD keys under quantum side information and the explicit cancellation in telescoping sums. The internal consistency is exemplary, with all definitions, assumptions, and security claims aligning coherently throughout the paper. The protocol achieves its stated goal of providing information-theoretic integrity with optimal overhead.

The submission has a solid central mathematical idea: encode the message with an AMD code, secret-share the codeword, and exploit linearity so that any pathwise algebraic tampering collapses to a single additive perturbation at decode time. This is internally plausible and, at a high level, the reduction strategy for both confidentiality and integrity matches the protocol structure well. In particular, the new shift-robustness definition is a genuine logical contribution because it precisely models blind additive manipulation in trusted-repeater relay. But the manuscript falls short of full mathematical rigor in its current form. Some key steps are only sketched, especially the composition/privacy lemma for multiple QKD links and the independence argument in the shift-robustness proof. In addition, the formal game listings contain enough indexing and branch inconsistencies that the reductions are not mechanically trustworthy as written. I therefore judge the work as mathematically promising and mostly coherent at the conceptual level, but needing careful proof repair and notation cleanup before the main security claims can be considered fully validated.

The submission presents a protocol for confidential and integrity-preserving communication in trusted-repeater QKD networks. From a mathematical and logical perspective, the work is exceptionally rigorous and internally consistent. The authors employ standard cryptographic proof techniques (game-hopping, reductions) correctly and effectively to substantiate their security claims. A key contribution is the formalization of 'shift-robustness,' a security notion well-suited for the problem domain, which is then cleanly used to prove the protocol's integrity. The derivations, particularly the algebraic reduction showing how an adversary against the protocol can be converted into an adversary against the underlying cryptographic primitive, are correct and clearly presented. The paper's assumptions are stated explicitly, and the conclusions follow logically from these assumptions and the subsequent mathematical development. There are no identifiable flaws in the mathematical validity or logical coherence of the submission.

This paper presents a complete and well-executed theoretical treatment of integrity in trusted-repeater QKD networks. The work systematically addresses its stated goal of providing the first protocol with provable integrity guarantees against both external adversaries and corrupted intermediate nodes. All components are rigorously defined and proven, from the underlying constructions (AMD codes, secret sharing) to the main protocol and its security properties. The formal analysis is thorough, employing established game-based techniques and providing detailed proofs in the appendices. While the static network assumption is a significant practical limitation, the authors are transparent about this constraint and frame it appropriately as a stepping stone toward more dynamic solutions. The work establishes solid theoretical foundations for this important problem domain.

This is a well-developed paper that largely fulfills its own stated objective. Within its declared assumptions, it presents a concrete protocol, defines the security properties it aims to achieve, introduces the extra robustness notion needed for malleable relaying, and gives formal reductions showing confidentiality and integrity under those assumptions. The treatment is materially more complete than a high-level proposal: the protocol is explicit, prior approaches are critically situated, and the appendices provide formal game-based scaffolding rather than relying only on intuition. The main reason it falls short of full completeness is not lack of structure, but a handful of unresolved formal/presentation issues. Some crucial steps are deferred to proof sketches or rely on intuitive composition arguments; some notation in listings is slightly inconsistent; and the paper itself concedes important limitations, especially its static-network model and the lack of a unified treatment of confidentiality-plus-integrity leakage channels. Overall, however, the submission is complete enough to support its core claims within its own model, with moderate but fixable gaps in rigor and exposition.

This paper presents a complete and self-contained argument for a novel protocol in trusted-repeater QKD networks, achieving its goals of proving confidentiality and integrity under information-theoretic security. All components, from background definitions to security analyses and practical implementation, are thoroughly developed without gaps, making it a robust submission within its defined scope.

This paper presents a protocol for achieving confidentiality and integrity in trusted-repeater QKD networks. The work is exceptionally complete, methodically addressing all of its stated goals. The authors define their protocol clearly, ground it in established cryptographic primitives, and provide a rigorous security analysis using a formal, game-based proof framework. All variables and concepts are defined before use, and the logical flow of the argument from problem statement to security proof is clear and without obvious gaps. A key strength of this submission is its transparency regarding its own limitations. The authors explicitly state the strong, simplifying assumptions of their model, such as a static network topology and perfect QKD links, and openly discuss how these assumptions limit the protocol's direct real-world applicability. This self-awareness and honesty significantly enhance the paper's completeness. The inclusion of a proof-of-concept implementation further demonstrates the authors' commitment to covering all aspects of their proposed solution, making this a self-contained and well-supported piece of work.

This paper presents a significant contribution to quantum cryptography by solving a previously unsolved problem: achieving provable integrity in trusted-repeater QKD networks. The work is technically rigorous, introducing the first protocol that provides information-theoretic security against both external adversaries and corrupted intermediate nodes. While the individual cryptographic components are not novel, their synthesis and application to this specific problem represents genuine innovation, particularly the adaptation of AMD codes to handle the malleability inherent in quantum network relaying. The paper's primary limitation from a scientific perspective is that it operates entirely in the realm of mathematical proof rather than empirical science - the security guarantees are theoretical properties that can be formally verified but not experimentally falsified. However, within its domain of cryptographic protocol design, the work meets the highest standards of rigor and clarity. The authors' identification of flaws in existing protocols, combined with their provably secure solution, represents a meaningful advance in quantum communication security.

This is a scientifically worthwhile submission with a solid core contribution: it formulates and addresses a specific integrity problem in trusted-repeater QKD networks using a principled combination of AMD codes, secret sharing, and multipath relaying. The strongest aspect is not a new primitive by itself, but a novel adaptation of known cryptographic machinery to a network setting where prior solutions appear to have lacked comparable provable guarantees. The paper is especially valuable in separating observational/network facts from the security interpretation layer and in articulating why earlier MAC-style approaches can be circular when no identical end-to-end key is already shared. The main scientific reservation is scope rather than internal coherence. The claims seem logically consistent within the declared assumptions, but those assumptions are strong enough that the results should be presented as a rigorous solution to a restricted model, not as a general integrity solution for practical trusted-repeater QKD deployments. With slightly sharper qualification of the claim boundaries and perhaps more explicit statements of what would falsify the theorem in-model, this would be a strong contribution in originality and clarity.

Confidentiality leakage of the scheme is bounded by nℓε for a network of n disjoint paths of length at most ℓ when each QKD link is ε-private against quantum side information.

Falsifiable if: Demonstrate a distinguishing attack (possibly using quantum side information) that allows an adversary to gain more information about the secret than permitted by the nℓε bound, i.e., produce an advantage exceeding nℓε in the Ind-Relay game.

The protocol provides information-theoretic integrity (detection of algebraic manipulation) against computationally unbounded adversaries that corrupt only an unqualified set of paths, with failure probability at most nℓε + δ.

Falsifiable if: Exhibit a network topology, choice of AMD/secret-sharing parameters and an adversary strategy that corrupts only an unqualified set of paths but causes Bob to accept a manipulated secret with probability strictly greater than nℓε + δ.

The additional QKD-bit overhead required for strong robustness (integrity for arbitrary messages) is optimal and equals 2 log(1/δ) bits of redundancy (as per Cramer et al.).

Falsifiable if: Provide a secret-sharing + integrity construction achieving strong robustness with asymptotically fewer than 2 log(1/δ) additional bits for the same failure probability δ, or prove a lower bound contradicting optimality claim.