FIG 1 - available via license: Creative Commons Attribution 4.0 International
Content may be subject to copyright.
The setup and channel model of BB84 and MDI-QKD. (a) For BB84, Alice's signals go through a rotation θ along the Z-X plane, and they also suffer from channel loss (transmittance η). Here we show the passive detection scheme for BB84 (while in the active case, the beamsplitter can be replaced by an optical switch). (b) For MDI-QKD, Alice's and Bob's signals each go through a rotation of θ A , θ B (again, along the Z-X plane) with respect to Charlie's measurement basis. Here we assume Charlie always measures in the Z basis. The channel model also includes Alice's and Bob's losses, η A , η B . Each detector is assumed to have a dark count rate of p d .
Source publication
In this work, we incorporate decoy-state analysis into a well-established numerical framework for key rate calculation, and we apply the numerical framework to decoy-state BB84 and measurement-device-independent (MDI) QKD protocols as examples. Additionally, we combine with these decoy-state protocols what is called “fine-grained statistics,” which...
Contexts in source publication
Context 1
... this section, we will describe the channel model we use for simulating the raw statistics that would have been obtained from WCP sources for the BB84 and MDI-QKD protocols (example setups of which are illustrated in Fig. 1). These statistics are used in the decoy-state analysis to bound the single photon contribution. Note that all the channel models are only used to simulate the statistics γ 1,U k , γ 1,L k , which are independent from the protocol descriptions (i.e., POVMs k , and the Kraus operators and key maps). In practice, the raw statistics can ...
Context 2
... consider a channel model as in Fig. 1, where Alice and Bob's signals each have a rotated polarization of θ A , θ B , with respect to Charlie's measurement basis, which is in Z basis only here. The angles θ A , θ B include the effect of both polarization encoding and polarization misalignment, for instance for input HV the angles would be (0 + θ e , π/2 + θ e ), where θ e ...
Context 3
... the output ports are denoted 3,4 and the polarization H, V , as shown in Fig. 1. Each detector's clicking probability (including the effect of dark counts) can be written ...
Context 4
... total of 4 × 16 entries for each intensity setting chosen can be recorded from the simulation/experiment. This matrix can be mapped back to a five-entry qubit-based statistics corresponding to the POVMs, by applying a mapping matrix M. The mapping rules are as follows: double clicks in the same basis are assigned randomly to a bit, while clicks simultaneously in different bases are discarded for passive detection (for active detection there are no such clicks, since only detectors in one basis are activated at a time), 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1], ...
Context 5
... perform a simple simulation for decoy-state BB84 in Fig. 10 as a demonstration. As can be seen, using all four combinations of basis simultaneously can generate a higher key in some situations with large misalignment angles, while at low misalignment angles it might be better to only use ZZ and XX, because signals with ZX and XZ basis combinations would have large QBER when the misalignment ...
Context 6
... Note that while we demonstrate this for BB84, in principle MDI-QKD protocols can utilize such a setting to reduce errorcorrection leakage when the misalignment angle is large. FIG. 10. Comparison of using all basis combinations simultaneously for encoding (dot-dashed blue line) vs using ZZ and XX (solid blue line), for the decoy-state BB84 key rate plotted against misalignment angle between Alice and Bob. The coarse-grained key rate (solid black line) is also included, generated analytically. We also include the ...
Similar publications
Citations
... • We introduce an improved method for computing reliable bounds on the entropy produced in a single round of a generic decoy-state protocol. Our approach should give better key rates in both asymptotic and finite-size regimes (even for security proofs not based on entropy accumulation) than previous approaches in [WL22,NUL23,KL24], because it bypasses some suboptimal intermediate steps in those works. For the purposes of the GEAT, our approach gives a flexible method to construct a min-tradeoff function for such protocols, unlike previous constructions that relied on closed-form entropy bounds. ...
... More specifically, previous approaches for key rate evaluations in decoy-state protocols were based on a two-step procedure [WL22], which first computes bounds on various photon yields and then bounds the entropy based on the single-photon yields using the method in [WLC18]. However, since this takes place in two separate steps, the resulting bounds may be suboptimal; furthermore, it is not straightforwardly compatible with existing methods for numerically constructing min-tradeoff functions for the GEAT, which relied on the existence of a single convex optimization problem for bounding the entropies. ...
... We introduce a new approach which unifies the two steps into a single convex optimization. This lets us construct min-tradeoff functions for generic decoy-state protocols, and has the further advantage that it should yield better key rates than those in [WL22,NUL23,KL24], even in the asymptotic regime or for proof frameworks outside of entropy accumulation. ...
An important goal in quantum key distribution (QKD) is the task of providing a finite-size security proof without the assumption of collective attacks. For prepare-and-measure QKD, one approach for obtaining such proofs is the generalized entropy accumulation theorem (GEAT), but thus far it has only been applied to study a small selection of protocols. In this work, we present techniques for applying the GEAT in finite-size analysis of generic prepare-and-measure protocols, with a focus on decoy-state protocols. In particular, we present an improved approach for computing entropy bounds for decoy-state protocols, which has the dual benefits of providing tighter bounds than previous approaches (even asymptotically) and being compatible with methods for computing min-tradeoff functions in the GEAT. Furthermore, we develop methods to incorporate some improvements to the finite-size terms in the GEAT, and implement techniques to automatically optimize the min-tradeoff function. Our approach also addresses some numerical stability challenges specific to prepare-and-measure protocols, which were not addressed in previous works.
... Recently, the well-established numerical framework [66,67] has been effectively integrated into decoy-state BB84 and MDI-QKD protocols [68]. These modified protocols leverage 'fine-grained statistics' from numerical analysis technology, resulting in significantly higher secure key rates and greatly extended maximum distances, even in the presence of substantial misalignment. ...
... We firstly explain how to apply the numerical framework to the A-MDI-QKD protocol. The key ideas can be fully described using a similar methodology as in [68] through the following processes: ...
... In [68], which introduced the original MDI-QKD numerical framework, fine-grained data which incorporate a full set of detector clicks including all cross-basis events are employed. Specifically, Alice and Bob each produce four polarization states: |H〉, |V〉, | + 〉, | − 〉. ...
Asymmetric measurement-device-independent quantum key distribution (MDI-QKD) enables building a scalable, high-rate quantum network with an untrusted relay in real-world scenarios. In this study, we improve the performance of asymmetric MDI-QKD using numerical analysis techniques. Simulation results show a twofold increase in tolerance to basis misalignment compared to the previous state-of-the-art method. Specifically, for instances of substantial basis misalignment, the key rate increases by an order of magnitude, and the maximum communication distance extends by 20 km. Our work significantly enhances the robustness and feasibility of asymmetric MDI-QKD, thereby promoting the widespread deployment of MDI-QKD networks.
... The proposed method comprises two main components. First, we use the numerical framework recently reported in [55]. This allowed us to analyze the BB84 and MDI-QKD protocols using a finite number of decoy states. ...
... Here, we introduce the methodology to bound a secure key rate for decoy-state BB84 and MDI-QKD under THAs. We briefly review the numerical framework presented in [55] and explain how to use a source-replacement scheme to incorporate potential information leakage due to THAs into the numerical framework. Furthermore, we give an intuitive explanation that our numerical method outperforms the refined GLLP method. ...
... We first provide a brief description of the numerical framework for decoy-state QKD, first introduced in [61] and then developed the case of a finite number of decoy states proposed by Wang et al. [55]. The details of this process can be found in [55]. ...
In a quantum Trojan-horse attack (THA), eavesdroppers learn encoded information by injecting bright light into encoded or decoded devices of quantum key distribution (QKD) systems. These attacks severely compromise the security of non-isolated systems. Thus, analytical security bound was derived in previous studies. However, these studies achieved poor performance unless the devices were strongly isolated. Here, we present a numerical method for achieving improved security bound for a decoy-state QKD system under THAs. The developed method takes advantage of the well-established numerical framework and significantly outperforms previous analytical bounds regarding the achievable final key and secure transmitted distance. The results provide a new tool for investigating the efficient security bounds of THA in practical decoy-state QKD systems. This study constitutes an important step toward securing QKD with real-life components.
... This step is modeled as Alice and Bob performing some measurements given by positive operator-valued measures (POVMs) { k }, obtaining expectation values {γ k }. The POVMs and expectation values depend on whether the protocol implements "fine-graining" or "coarse-graining" during the acceptance test [26], and the exact nature of the coarse-graining. ...
... The gain sets the constraints on the probability of choosing each basis for measurement, while the QBER in each basis sets the constraints on the observed error rate. We note that this is a departure from the nomenclature of Ref. [26], where the "coarse-grained" case refers to the "sifted fine-grained" case as defined above. Additionally, we use the constraints from source replacement that characterize Alice's system for prepare-and-measure protocols. ...
... For only misalignment, it has already been shown that fine-grained constraints allow us to show that Eve factors off and holds a state that is independent of the Alice-Bob state [26]. Since Eve's quantum system factors off, the F = F follows from the fact that W and Z are independent random variables for each basis, i.e., S(Z |ÃBW) = S(Z |ÃB). ...
We point out a critical flaw in the analysis of quantum key distribution protocols that employ the two-way error-correction protocol Cascade. Specifically, this flaw stems from an incomplete consideration of all two-way communication that occurs during the Cascade protocol. We present a straightforward and elegant alternative approach that addresses this flaw and produces valid key rates. We exemplify our new approach by comparing its key rates with those generated using older, incorrect approaches, for qubit BB84 and decoy-state BB84 protocols. We show that, in many practically relevant situations, our rectified approach produces the same key rate as older, incorrect approaches. However, in other scenarios, our approach produces valid key rates that are lower, highlighting the importance of properly accounting for all two-way communication during Cascade.
... Then O j ,k = Q j ⊗ P k . According to [19], we consider the contribution from the single-photon component as a lower bound of the key rate, ...
Quantum key distribution (QKD) is a secure communication method that utilizes the principles of quantum mechanics to establish secret keys. The central task in the study of QKD is to prove security in the presence of an eavesdropper with unlimited computational power. In this work, we successfully solve a long-standing open question of the security analysis for the three-state QKD protocol with realistic devices, i.e., the weak coherent-state source. We prove the existence of the squashing model for the measurement settings in the three-state protocol. This enables the reduction of measurement dimensionality, allowing for key rate computations using the numerical approach. We conduct numerical simulations to evaluate the key rate performance. The simulation results show that we achieve a communication distance of up to 200 km.
... This step is modelled as Alice and Bob performing some measurements given by POVMs {Γ k }, obtaining expectation values {γ k }. The POVMs and expectations values depends on whether the protocol implements "fine-graining" or "coarse-graining" during the acceptance test [26], and the exact nature of the coarse-graining. ...
... The gain sets the constraints on the probability of choosing each basis for measurement, while the QBER in each basis sets the constraints on the observed error-rate. We note that this is a departure from the nomenclature of [26], where the "coarse-grained" case refers to the "sifted fine-grained case" as defined above. Additionally, we use the constraints from source-replacement that characterize Alice's system for prepare and measure protocols. ...
... For only misalignment, it has already been shown that fine-grained constraints allow us to show that Eve factors off and holds a state that is independent of the Alice-Bob state [26]. Since Eve's quantum system factors off, the F = F ′ follows from the fact that W and Z are independent random variables for each basis, i.e S(Z|ÃBW ) = S(Z|ÃB). ...
We point out a critical flaw in the analysis of Quantum Key Distribution (QKD) protocols that employ the two-way error correction protocol Cascade. Specifically, this flaw stems from an incom-plete consideration of all two-way communication that occurs during the Cascade protocol. We present a straightforward and elegant alternative approach that addresses this flaw and produces valid key rates. We exemplify our new approach by comparing its key rates with those generated using older, incorrect approaches, for Qubit BB84 and Decoy-State BB84 protocols. We show that in many practically relevant situations, our rectified approach produces the same key rate as older, incorrect approaches. However, in other scenarios, our approach produces valid key rates that are lower, highlighting the importance of properly accounting for all two-way communication during Cascade.
We present a security proof for variable-length QKD in the Renner framework against IID collective attacks. Our proof can be lifted to coherent attacks using the postselection technique. Our first main result is a theorem to convert a sequence of security proofs for fixed-length protocols satisfying certain conditions to a security proof for a variable-length protocol. This conversion requires no new calculations, does not require any changes to the final key lengths or the amount of error-correction information, and at most doubles the security parameter. Our second main result is the description and security proof of a more general class of variable-length QKD protocols, which does not require characterizing the honest behavior of the channel connecting the users before the execution of the QKD protocol. Instead, these protocols adaptively determine the length of the final key, and the amount of information to be used for error correction, based upon the observations made during the protocol. We apply these results to the qubit BB84 protocol, and show that variable-length implementations lead to higher expected key rates than the fixed-length implementations.
