## Abstract

Continuous-variable quantum key distribution (CVQKD) with a real local oscillator (LO) is confronted with new security problems due to the reference pulses transmitted together with quantum signals over the insecure quantum channel. In this paper, we propose a method of phase attack on reference pulses of the CVQKD with real LOs. Under the phase attack, the phase drifts of reference pulses are manipulated by eavesdroppers, and then the phase compensation error is increased. Consequently, the secret key rate is reduced due to the imperfect phase compensation for quantum signals. Based on the noise model of imperfect phase compensation, the practical security of the CVQKD under phase attack is analyzed. Besides, we propose an effective method to detect the intensity of phase attack, in which the deviation of phase compensation error on quantum signals and that on reference signals are monitored in real time. The simulation results show that the security analysis is accurate and the method of phase attack detection is feasible.

© 2019 Optical Society of America under the terms of the OSA Open Access Publishing Agreement

## 1. Introduction

Continuous-variable quantum key distribution (CVQKD) allows two remote participants to establish a common key through an insecure quantum channel [1]. The CVQKD scheme using Gaussian-modulated coherent states (GMCS) is the most favorable one due to its optimal transmission rate under the Gaussian noise channel and its excellent compatibility with standard optical equipments [2]. So far, the GMCS-CVQKD scheme has been theoretically proven to be unconditionally secure against collective attacks [3–5] and coherent attacks [6–9]. Meanwhile, lots of experiments on GMCS-CVQKD scheme have demonstrated its availability over long distance [10,11].

In the traditional GMCS-CVQKD experiments, a local oscillator (LO) is required to be transmitted from the sender Alice to the receiver Bob over the insecure quantum channel for implementing the high-efficiency homodyne detection at Bob’s side. However, the transmission of LOs brings some serious issues quickly. Firstly, the LO transmitted over the insecure quantum channel is most likely to be controlled by the eavesdropper Eve who can take practical attacks such as the LO fluctuation attack [12], the wavelength attack [13] and the saturation attack [14]. Although some solutions have been proposed to enhance the security of practical systems [15–18], it is difficult to protect practical systems from all the potential security loopholes caused by the LO transmission. Secondly, the scattered photons from the intense LO may contaminate the weak quantum signals [19], so that a complicated hardware is required to separate them. Finally, the shot-noise-limited coherent detection cannot be achieved when the LO is significantly attenuated after the long-distance transmission [20–22]. Therefore, the traditional GMCS-CVQKD scheme is confronted with the potential security threats and the limited transmission rate due to the LO transmitted over the insecure quantum channel.

Recently, in order to completely solve those problems caused by LO transmission, a novel scheme based on the real LOs is proposed. In this CVQKD scheme, LOs are generated locally at Bob’s side for coherent detection, while reference pulses are generated by the laser for the preparation of quantum signals at Alice’s side and then they are sent to Bob for phase compensation [23–25]. Contributed to the real LOs at Bob’s side, all the problems caused by the transmitted LOs are eliminated in this novel CVQKD scheme. The real LOs are absolutely controlled by the receiver Bob so that the shot-noise-limited coherent detection can be achieved and the practical security is enhanced. Besides, the reference pulses can be transmitted with quantum signals over the same quantum channel by time-multiplexing and polarization-multiplexing, so that it is easy for practical systems to separate them. Also, the quantum signals can be prevented from being contaminated, because the intensity of reference pulse is significantly lower than that of the transmitted LOs [26,27].

However, while the issues caused by LO transmission are eliminated, the reference pulses may bring new loopholes at the same time. The role of reference pulses is to provide precise phase information for phase compensation at Bob’s side, but these reference pulses are also confronted with the potential threats from the insecure quantum channel. If these reference pulses are manipulated by eavesdroppers, the phase information carried by them will become unreliable, and then the phase compensation for coherent detection will become imperfect. Consequently, the security of the CVQKD scheme will be reduced by the imperfect phase compensation [28,29].

In this paper, we present a method of phase attack on reference pulses in the CVQKD with real LOs. Under the phase attack, the phase noise of reference pulses can be easily manipulated by eavesdroppers, and then the phase compensation error is increased. Based on the noise model of imperfect phase compensation, the practical security of this scheme is analyzed. The simulation results show that the theoretical secret key rate is consistent with the practical one that is estimated by training signals. Besides, we provide an effective method to detect the intensity of phase attack, in which the deviation of phase compensation error on quantum signals and that on reference pulses are monitored in real time. The simulation results show that the method of phase attack detection is feasible.

The remainder of this paper is organized as follows: In Sec. 2, the phase attack on reference pulses of the CVQKD scheme with real LOs is described, and then the practical security is analyzed. The method of phase attack detection is introduced in Sec. 3. The simulation results of the secret key rates and phase attack detection are demonstrated in Sec. 4. Conclusions are drawn in Sec. 5.

## 2. Phase attack scheme

In this section, we describe the CVQKD scheme with real LOs as well as phase compensation, and then the method of phase attack on reference pulses is proposed. The security of this CVQKD scheme is analyzed when the under the phase attack is considered. Besides, we reveal that the secret key rate is still tight when the existing method of parameters estimation is adopted.

#### 2.1. System description

The CVQKD system with real LOs is depicted in Fig. 1. The sender Alice uses a commercial laser to generate a set of optical pulses and splits them with a beam splitter (BS) into signal path and reference path. In signal path, the optical pulses are modulated by an amplitude modulator (AM) and a phase modulator (PM), then the quantum signals of Gaussian-modulated coherent states are generated, of which the quadratures ${X}_{\text{A}}$ and ${P}_{\text{A}}$ are two independent random variables with Gaussian distribution $N(0,{V}_{\text{A}})$, where ${V}_{\text{A}}$ denotes the modulation variance. Then, the quantum signals are delayed for a period of pulse transmission, and then they are multiplexed with reference pulses in time-domain. Both of quantum signals and reference pulses are sent to the receiver Bob through a quantum channel with transmittance $T$ and excess noise ${\epsilon}_{\text{c}}$, where the total channel-added noise referred to the channel input is expressed in shot noise units as ${\chi}_{\text{line}}=1/T-1+{\epsilon}_{\text{c}}$.

At Bob’s side, the received pulses are split into reference path and signal path by demultiplexing in time-domain. In reference path, the phase drifts of reference pulses are measured by a heterodyne detector and they are used to compensate the phase drifts of quantum signals. In signal path, the received quantum signals are measured by a homodyne detector with the same LOs those are used for the phase measurement of reference pulses. Because quantum signals and reference pulses go through the same phase drifts, the phase drifts of quantum signals can be compensated by reference pulses, so that the quadrature $X$ or quadrature $P$ of a quantum signal can be measured exactly where the measurement basises are randomly selected by Bob. For a practical homodyne detector of detection efficiency $\eta $ and electronic noise variance ${v}_{\text{el}}$ in shot noise units, the detection noise referred to Bob’s input is given by ${\chi}_{\mathrm{hom}}=(1+{v}_{\text{el}})/\eta -1$, and the total noise referred to the channel input is given by ${\chi}_{\text{tot}}={\chi}_{\text{line}}+{\chi}_{\text{hom}}/T$.

#### 2.2. Phase compensation

The pilot-sequential scheme [23] is a common method of phase compensation for the channel with fast-drift and slow-drift. The basic idea of this scheme is using the following reference pulse to estimate the phase drift of the front quantum signal. Assuming that the phase drift is constant during a short time in which a quantum signal and the following reference pulse are received, the phase drift of this quantum signal can be compensated perfectly. For quantum signals, the relative phase drift between the phase of Alice’s laser and that of Bob’s laser is given by

where${\theta}_{\text{A}}$ is the phase of the optical pulse from Alice’s laser, ${\theta}_{\text{B}}$ is the phase of the optical pulse from Bob’s laser, and ${\phi}_{\text{S}}^{\text{ch}}$ is the phase drift of quantum channel on the quantum signal. Similarly, the relative phase drift of the corresponding reference pulse is given bywhere ${\phi}_{\text{R}}^{\text{ch}}$is the phase drift of quantum channel on the reference pulse. If the phase jitter of Alice’s laser and that of Bob’s laser are neglected, the relative phase drift of the quantum signal can be estimated by that of the reference pulse. Therefore, the phase compensation error can be expressed as#### 2.3. Phase attack

For the CVQKD scheme with time-multiplexing, the eavesdropper Eve can easily demultiplex quantum signals and reference pulses from the transmitted pulses, and then she takes attacks on both of them as shown in Fig. 2.

On the on hand, Eve is able to take entangling cloner attack [30] on quantum signals as the traditional way, the impact of which can be totally described by the channel parameters involving transmittance and excess noise. After the entangling cloner attack, the entangled signals are stored by quantum memories and they will be measured after Bob’s detection, while the quantum signals are delayed for being multiplexed with the manipulated reference pulses later. On the other hand, Eve is also able to take phase attack on reference pulses to increase the phase compensation error. Firstly, the reference pulses are measured by a heterodyne detector so that the phases of them are obtained by Eve. Secondly, the new reference pulses, contaminated by the additional phase noises, are produced and sent into quantum channel together with signal pulses. Consequently, the relative phase drifts of reference pulses are interfered by the additional phase noise because of Eve’s phase attack. Under the phase attack, the relative phase drift of the reference pulse is given by

where${\phi}_{\text{R}}^{\text{attack}}$ is the additional phase noise caused by Eve’s phase attack on the reference pulse. Therefore, the actual phase compensation error of the quantum signal can be expressed asIt is easy to find that the phase attack on the reference pulses could increase the phase compensation error and lead to an imperfect phase compensation. Assuming that the phase noise of quantum channel is zero-mean and with variance ${V}_{\text{ch}}$, while the phase noise caused by Eve’s phase attack is zero-mean and with variance ${V}_{\text{attack}}$, the deviation of the actual phase compensation error can be given by

#### 2.4. Security analysis

The security analyses of the traditional GMCS-CVQKD scheme with the imperfect phase compensation have been discussed in some existing researches [28,29]. Here, we utilize the noise model of imperfect phase compensation for the traditional GMCS-CVQKD to analyze the practical security of the CVQKD with real LOs.

For the CVQKD with imperfect phase compensation, the modulated coherent states are transmitted over a quantum channel with transmittance $T$and excess noise ${\epsilon}_{\text{c}}$, and then the actual phase compensation error $\delta {{\varphi}^{\prime}}_{\text{S}}$ leads to a random phase rotation between the modulated coherent state $({X}_{\text{A}},{P}_{\text{A}})$ and the measured one $({X}_{\text{B}},{P}_{\text{B}})$. Therefore, the measurement results can be expressed as

For the CVQKD with imperfect phase compensation, the parameters ${T}_{\kappa}$ and ${\epsilon}_{\text{c}}^{\kappa}$ are closely related to the phase compensation accuracy $\kappa $ which can be expressed as

where $E[x]$ denotes the expectation of a random variable $x$. When the actual phase compensation error $\delta {{\varphi}^{\prime}}_{\text{S}}$ is smaller than 5 degrees, the Taylor approximation $\mathrm{cos}x\approx 1-{x}^{2}/2$ can be achieved, thus the phase compensation accuracy can be approximated aswhere ${V}_{\text{S}}$ is the deviation of phase compensation error introduced in Eq. (6).In the case of reverse reconciliation, the secret key rate of the CVQKD system under collective attack is calculated asymptotically as

where $\beta $is the reconciliation efficiency, ${I}_{\text{AB}}$ is the Shannon mutual information between Alice and Bob, and ${\chi}_{\text{BE}}$ is the Holevo bound that defines the maximum information available to Eve on Bob’s secret information. For the homodyne detection employed by Bob, the Shannon mutual information is given byThe Holevo bound can be derived from the covariance matrix ${\gamma}_{\text{AB}}$ shown in Eq. (9) and then it is calculated as

#### 2.5. Parameters estimation

In the practical CVQKD systems, the actual transmittance ${T}_{\kappa}$ and the actual excess noise ${\epsilon}_{\text{c}}^{\kappa}$ can be estimated by the training signals which are randomly chosen from the received quantum signals at Bob’s side. It is supposed that Bob randomly chooses $M$ quantum signals for training, and then the quadrature measurements of them are denoted as $\left\{{y}_{i}\right\}$ for $i=1,2,\mathrm{...},M$. Also, the modulated quadratures of the training signals, denoted as $\left\{{x}_{i}\right\}$, are announced by Alice via a classical channel. According to the training signals, Alice and Bob would estimate the actual transmittance and the actual excess noise such as

Statistically, the expectations of the estimated parameters are equal to the theoretical ones as $E[{\widehat{T}}_{\kappa}]={T}_{\kappa}$ and $E[{\widehat{\epsilon}}_{c}^{\kappa}]={\epsilon}_{c}^{\kappa}$, so that the practical secret key rate for the LLO-CVQKD under collective attacks can also be calculated.

## 3. Phase attack detection

In practical systems, it is necessary for two remote participants to discover eavesdropping. When they discover eavesdropping, they can switch the quantum channel to a secure one or change transmission strategies to avoid attacks. However, the phase noise caused by Eve’s attack is attached to that of quantum channel, so that it cannot be recognized from the actual phase compensation error. In order to detect the phase attack on reference pulses, an effective method is proposed in this section.

In our method, the deviations of phase compensation error on quantum signals and that on reference pulses are monitored in real time as shown in Fig. 3. Specifically, the receiver Bob randomly chooses $M$ quantum signals as training signals from a block of $N$ received quantum signals, and then the modulated quadratures and measured ones of these training signals are shared by Alice and Bob via a classical channel. Therefore, the deviation of phase compensation error on quantum signals can be estimated by these training signals, the theoretical value of which has been given by Eq. (6). Meanwhile, all the received reference pulses in a block can be utilized to monitor the deviation of phase compensation error on reference pulses. In order to eliminate the fast-drift and slow-drift of quantum channel, the relative phase drift of a reference pulse can be estimated by the following one. Assuming that the phase drift of quantum channel is constant during the transmission of two successive reference pulses, the actual phase compensation error of the $i\text{-th}$ reference pulse can be expressed as

This method is able to exactly evaluate the intensity of phase attack according to the difference between the deviation of phase compensation error on reference pulses and that on quantum signals, so that the participants are able to judge whether the phase attack is present or not. Also, the construction of the practical CVQKD system is still kept as before, because the phase measurement of reference pulses is also needed in the previous CVQKD with real LOs.

## 4. Simulation

The secret key rates for the CVQKD under phase attack are shown in Fig. 4. In the simulations, the parameters are fixed at ${V}_{\text{A}}=18.9$, ${v}_{\text{el}}=0.001$, ${\epsilon}_{\text{c}}=0.01$ (in shot-noise units), $\beta =0.926$and $\eta =0.59$, all of which are determined by the practical CVQKD experiment [28]. Furthermore, the phase noise of quantum channel and that caused by Eve’s phase attack are considered. It is assumed that the phase noise of quantum channel submits to the normal distribution with variance ${V}_{\text{ch}}=$0.0001 (rad^{2}). Also, it is supposed that the phase noise caused by Eve’s phase attack submits to the normal distribution with variance ${V}_{\text{attack}}=$0.0000, 0.0009 and 0.0025 (rad^{2}) respectively, and then the phase compensation accuracy $\kappa $ is evaluated as 0.9998, 0.9994 and 0.9986 respectively. Based on the noise model of imperfect phase compensation, the theoretical secret key rates of the CVQKD under phase attack can be evaluated, the curves of which are respectively drawn by the solid line, dash line and dotted line.

In order to confirm the validity of our security analysis, 2000 Gaussian-modulated coherent states and 2000 reference pulses are generated, all of which are added with a normally-distributed phase noise with variance ${V}_{\text{ch}}=$0.0001 (rad^{2}). Moreover, those reference pulses are contaminated by another normally-distributed phase noise with variance ${V}_{\text{attack}}=$0.0000, 0.0009 and 0.0025 (rad^{2}) respectively. According to the parameters estimation mentioned previously, the actual transmittance ${\widehat{T}}_{\kappa}$ and the actual excess noise ${\widehat{\epsilon}}_{c}^{\kappa}$can be estimated by these quantum signals. The practical secret key rates based on the estimated parameters are depicted by the circles, squares and triangles. The results show that the secret key rate is reduced due to the phase attack, but it is still tight enough since the practical secret key rates derived from training signals are consistent with the theoretical ones.

The simulation results of phase attack detection are shown in Fig. 5. It is assumed that the phase noise of quantum channel is normally distributed with variance ${V}_{\text{ch}}=$0.0001 (rad^{2}). Also, the phase noise caused by Eve’s attack is normally distributed with variance ${V}_{\text{attack}}=$0.0009 (rad^{2}). Theoretically, the deviation of phase compensation error on quantum signals is 0.0011 (rad^{2}) or 3.61 (degree^{2}), while that on reference pulses is 0.0020 (rad^{2}) or 6.56 (degree^{2}). In the simulations, the quantum signals are only contaminated by the phase noise of quantum channel, while the reference pulses are contaminated by the phase noise of quantum channel and the phase noise caused by Eve’s phase attack simultaneously. In a data block, 5000 quantum signals and 5000 reference pulses are generated, of which 2000 training signals are randomly chosen to estimate the deviation of phase compensation error on quantum signals. Meanwhile, almost all of the reference pulses can be used to estimate the deviation of phase compensation error on reference pulses, except for the last one. Therefore, the deviation of phase compensation error on quantum signals and that on reference pulses can be estimated for each block. By the comparison of the theoretical deviations and the practical ones, the method of phase attack detection is proved to be feasible.

## 5. Conclusion

In this paper, we propose a method of phase attack on reference pulses of the CVQKD with real LOs. The reference pulses are manipulated by eavesdroppers, and then the phase drifts of them are added with another phase noise. Therefore, the entangling cloner attack on quantum signals and the phase attack on reference pulses are implemented by Eve simultaneously. Consequently, the secret key rate and the secure distance are decreased remarkably due to the increasing phase compensation noise, part of which is controlled by Eve. The practical security of the CVQKD under phase attack is analyzed based on the noise model of imperfect phase compensation. In order to detect the intensity of phase attack, an effective method is proposed, in which the deviation of phase compensation error on quantum signals and that on reference pulses are monitored in real time. The simulation results show that the security analysis is accurate and the method of phase attack detection is feasible.

## Funding

National Natural Science Foundation of China (U1738204, 61571096, 61775030); Foundation of Key Laboratory of Optical Engineering Chinese Academy of Sciences (2017LBC003).

## References

**1. **C. Weedbrook, S. Pirandola, R. García-Patrón, N. J. Cerf, T. C. Ralph, J. H. Shapiro, and S. Lloyd, “Gaussian quantum information,” Rev. Mod. Phys. **84**(2), 621–669 (2012). [CrossRef]

**2. **F. Grosshans, G. Van Assche, J. Wenger, R. Brouri, N. J. Cerf, and P. Grangier, “Quantum key distribution using gaussian-modulated coherent states,” Nature **421**(6920), 238–241 (2003). [CrossRef] [PubMed]

**3. **A. Leverrier, F. Grosshans, and P. Grangier, “Finite-size analysis of a continuous-variable quantum key distribution,” Phys. Rev. A **81**(6), 062343 (2010). [CrossRef]

**4. **A. Leverrier, “Composable security proof for continuous-variable quantum key distribution with coherent States,” Phys. Rev. Lett. **114**(7), 070501 (2015). [CrossRef] [PubMed]

**5. **E. Diamanti and A. Leverrier, “Distributing secret keys with quantum continuous variables: principle, security and implementations,” Entropy (Basel) **17**, 6072–6092 (2015). [CrossRef]

**6. **R. Renner and J. I. Cirac, “De Finetti representation theorem for infinite-dimensional quantum systems and applications to quantum cryptography,” Phys. Rev. Lett. **102**(11), 110504 (2009). [CrossRef] [PubMed]

**7. **F. Furrer, T. Franz, M. Berta, A. Leverrier, V. B. Scholz, M. Tomamichel, and R. F. Werner, “Continuous variable quantum key distribution: finite-key analysis of composable security against coherent attacks,” Phys. Rev. Lett. **109**(10), 100502 (2012). [CrossRef] [PubMed]

**8. **A. Leverrier, R. García-Patrón, R. Renner, and N. J. Cerf, “Security of continuous-variable quantum key distribution against general attacks,” Phys. Rev. Lett. **110**(3), 030502 (2013). [CrossRef] [PubMed]

**9. **A. Leverrier, “Security of continuous-variable quantum key distribution via a Gaussian de Finetti reduction,” Phys. Rev. Lett. **118**(20), 200501 (2017). [CrossRef] [PubMed]

**10. **P. Jouguet, S. Kunz-Jacques, A. Leverrier, P. Grangier, and E. Diamanti, “Experimental demonstration of long-distance continuous-variable quantum key distribution,” Nat. Photonics **7**(5), 378–381 (2013). [CrossRef]

**11. **D. Huang, P. Huang, D. Lin, and G. Zeng, “Long-distance continuous-variable quantum key distribution by controlling excess noise,” Sci. Rep. **6**(1), 19201 (2016). [CrossRef] [PubMed]

**12. **X. C. Ma, S. H. Sun, M. S. Jiang, and L. M. Liang, “Local oscillator fluctuation opens a loophole for Eve in practical continuous-variable quantum-key-distribution systems,” Phys. Rev. A **88**(2), 022339 (2013). [CrossRef]

**13. **J. Z. Huang, C. Weedbrook, Z. Q. Yin, S. Wang, H. W. Li, W. Chen, G. C. Guo, and Z. F. Han, “Quantum hacking of a continuous-variable quantum-key-distribution system using a wavelength attack,” Phys. Rev. A **87**(6), 062329 (2013). [CrossRef]

**14. **H. Qin, R. Kumar, and R. Alléaume, “Quantum hacking: saturation attack on practical continuous-variable quantum key distribution,” Phys. Rev. A (Coll. Park) **94**(1), 012325 (2016). [CrossRef]

**15. **X. C. Ma, S. H. Sun, M. S. Jiang, M. Gui, Y. L. Zhou, and L. M. Liang, “Enhancement of the security of a practical continuous-variable quantum-key-distribution system by manipulating the intensity of the local oscillator,” Phys. Rev. A **89**(3), 032310 (2014). [CrossRef]

**16. **W. Liu, J. Peng, P. Huang, D. Huang, and G. Zeng, “Monitoring of continuous-variable quantum key distribution system in real environment,” Opt. Express **25**(16), 19429–19443 (2017). [CrossRef] [PubMed]

**17. **P. Jouguet, S. Kunz-Jacques, and E. Diamanti, “Preventing calibration attacks on the local oscillator in continuous-variable quantum key distribution,” Phys. Rev. A **87**(6), 062313 (2013). [CrossRef]

**18. **P. Huang, J. Huang, T. Wang, H. Li, D. Huang, and G. Zeng, “Robust continuous-variable quantum key distribution against practical attacks,” Phys. Rev. A (Coll. Park) **95**(5), 052302 (2017). [CrossRef]

**19. **B. Qi, L. Huang, L. Qian, and H. K. Lo, “Experimental study on the Gaussian-modulated coherent-state quantum key distribution over standard telecommunication fibers,” Phys. Rev. A **76**(5), 052323 (2007). [CrossRef]

**20. **D. Huang, D. Lin, C. Wang, W. Liu, S. Fang, J. Peng, P. Huang, and G. Zeng, “Continuous-variable quantum key distribution with 1 Mbps secure key rate,” Opt. Express **23**(13), 17511–17519 (2015). [CrossRef] [PubMed]

**21. **Y. M. Chi, B. Qi, W. Zhu, L. Qian, H. K. Lo, S. H. Youn, A. I. Lvovsky, and L. Tian, “A balanced homodyne detector for high-rate gaussian-modulated coherent-state quantum key distribution,” New J. Phys. **13**(1), 013003 (2011). [CrossRef]

**22. **D. Huang, J. Fang, C. Wang, P. Huang, and G. Zeng, “A 300-MHz bandwidth balanced homodyne detector for continuous variable quantum key distribution,” Chin. Phys. Lett. **30**(11), 114209 (2013). [CrossRef]

**23. **B. Qi, P. Lougovski, R. Pooser, W. Grice, and M. Bobrek, “Generating the local oscillator“locally”in continuous-variable quantum key distribution based on coherent detection,” Phys. Rev. X **5**(4), 041009 (2015). [CrossRef]

**24. **D. B. S. Soh, C. Brif, P. J. Coles, N. Lütkenhaus, R. M. Camacho, J. Urayama, and M. Sarovar, “Self-referenced continuous-variable quantum key distribution protocol,” Phys. Rev. X **5**(4), 041010 (2015). [CrossRef]

**25. **D. Huang, P. Huang, D. Lin, C. Wang, and G. Zeng, “High-speed continuous-variable quantum key distribution without sending a local oscillator,” Opt. Lett. **40**(16), 3695–3698 (2015). [CrossRef] [PubMed]

**26. **T. Wang, P. Huang, Y. Zhou, W. Liu, H. Ma, S. Wang, and G. Zeng, “High key rate continuous-variable quantum key distribution with a real local oscillator,” Opt. Express **26**(3), 2794–2806 (2018). [CrossRef] [PubMed]

**27. **T. Wang, P. Huang, Y. Zhou, W. Liu, and G. Zeng, “Pilot-multiplexed continuous-variable quantum key distribution with a real local oscillator,” Phys. Rev. A (Coll. Park) **97**(1), 012310 (2018). [CrossRef]

**28. **P. Huang, D. Lin, D. Huang, and G. Zeng, “Security of continuous-variable quantum key distribution with imperfect phase compensation,” Int. J. Theor. Phys. **54**(8), 2613–2622 (2015). [CrossRef]

**29. **P. Jouguet, S. Kunz-Jacques, E. Diamanti, and A. Leverrier, “Analysis of imperfection in practical continuous-variable quantum key distribution,” Phys. Rev. A **86**(3), 032309 (2012). [CrossRef]

**30. **F. Grosshans, N. J. Cerf, J. Wenger, R. Tualle-Brouri, and P. Grangier, “Virtual entanglement and reconciliation protocols for quantum cryptography with continuous variables,” Quantum Inf. Comput. **3**(7), 535–552 (2003).