Bell Nonlocality Is Not Sufficient for the Security of Standard Device-Independent Quantum Key Distribution Protocols

Device-independent quantum key distribution is a secure quantum cryptographic paradigm that allows two honest users to establish a secret key, while putting minimal trust in their devices. Most of the existing protocols have the following structure: first, a bipartite nonlocal quantum state is distributed between the honest users, who perform local projective measurements to establish nonlocal correlations. Then, they announce the implemented measurements and extract a secure key by postprocessing their measurement outcomes. We show that no protocol of this form allows for establishing a secret key when implemented on any correlation obtained by measuring local projective measurements on certain entangled nonlocal states, namely, on a range of entangled two-qubit Werner states. To prove this result, we introduce a technique for upper bounding the asymptotic key rate of device-independent quantum key distribution protocols, based on a simple eavesdropping attack. Our results imply that either different reconciliation techniques are needed for device-independent quantum key distribution in the large-noise regime, or Bell nonlocality is not sufficient for this task.