Experimental composable security decoy-state quantum key distribution using time-phase encoding

Hua-Lei Yin; Hua-Lei Yin; Peng Liu; Wei-Wei Dai; Zhao-Hui Ci; Jie Gu; Tian Gao; Qiang-Wei Wang; Zi-Yao Shen

doi:10.1364/OE.401829

1. Introduction

Encryption is an important foundation for ensuring information security. With the rapid development of quantum computing technology, current public-key encryption systems will be seriously threatened. Quantum key distribution (QKD) allows two remote users to exchange information-theoretic secure keys via the quantum laws. Since the first QKD protocol, BB84, was proposed by Bennett and Brassard in 1984 [1]. After nearly 40 years of development, BB84 QKD has become the most practical protocol in quantum information science [2]. By exploiting the weak coherent light to replace the single-photon source, the security and feasibility of BB84 QKD have been widely demonstrated experimentally in fiber [3–8], free space [9,10] and chip integration [11–13] with the help of decoy-state method [14,15]. To implement the qubit encoding of QKD, one usually has five options: polarization [5], phase [4], time-phase [3], frequency [16] and orbital angular momentum [17]. Recent years, the time-phase encoding has received increasing favor in practical system due to two advantages. One is that the reference frame is independent in time basis, which leads a stable and low bit error rate in raw key [8,18–20]. The other is the polarization disturbance immunity in both time and phase bases, which can be deployed in complex field environment.

The original BB84 protocol and its security proof [21] directly provide the phase error rate via the total bit error rate of two bases, which is based on the symmetry of two bases. There are three conditions of this protocol: basis-independent probability selected by Alice, basis-independent probability selected by Bob and the basis-independent detection efficiency, which results in that only half of the raw data can be used to extract key. In order to satisfy the basis-independent detection efficiency condition, one has to reduce the detection efficiency (including intrinsic loss and efficiency of detector at the receiver) of two bases to be consistent [2–5,10], resulting in the lower key rate.

Although QKD can provide secure key in real-time [2], the low secret key rate is always the Achilles’ heel if one applies the one-time pad encryption. The key rate can be directly doubled at most through the efficient BB84 scheme [22] without any new technique requirement. The efficient BB84 scheme exploits the biased basis choice and removes the basis-independent detection efficiency condition. To further increase the key rate, combining a biased basis choice with the decoy-state method is proposed [23–25] by an additional basis-independent detection efficiency condition that usually cannot be satisfied and brings security loopholes in the practical system. Recently, a four-intensity decoy-state BB84 QKD [26] uses a subtle fact, the expected yields of single-photon component prepared in two bases are the same for a given measurement basis, to remove basis-independent detection efficiency condition and provide a higher key rate. A proof-of-principle experiment [27] with polarization encoding has shown tens of times key rate improvement in the case of large asymmetric basis-detection efficiency, where one artificially adds a fixed optical attenuator in the $X$ basis.

In this work, we provide the rigorous finite-key analysis for four-intensity decoy-state BB84 QKD protocol [26]. The security analysis is based on a combination of entropy uncertainty relation [28,29] and a finite-key security bounds [29,30]. We exploit the autonomous time-phase encoding system to experimentally realize this protocol and continuously distribute secret keys for two months. Different from the experiment with polarization encoding [27], there is an 1.8 dB natural difference between the efficiency of two bases at the receiver. By combining the laser seeding technique [31] with asymmetric interferometer, one directly generates the time-bin and phase states without intensity and phase modulators. The real-time extracted secret key rate is more than 60 kbps over 50 km single-mode fiber and can be secure against coherent attacks in the universally composable framework [32]. Furthermore, the quantum signal, synchronization signal and classical communication share a single fiber.

2. Coherent security

We consider a four-intensity decoy-state BB84 QKD protocol [26], where the basis and intensity chosen with probabilities that are biased. Specifically, the intensities of $\mathsf {Z}$ basis sent by Alice are $\mu$ and $\nu$, the intensity of $\mathsf {X}$ basis is $\omega$, together with the vacuum state without basis information. The bases $\mathsf {Z}$ and $\mathsf {X}$ are selected by Bob with probabilities $q_{z}$ and $q_{x}=1-q_{z}$, respectively. The following is a detailed description of the protocol.

1. Preparation. Alice exploits the laser to prepare weak pulses with intensities $\mu$ and $\nu$ in $\mathsf {Z}$ basis, $\omega$ in $\mathsf {X}$ basis and the vacuum state given by a random bit $y_{i}$. The probability of selecting intensity $k$ is $p_{k}$ with $k\in \{\mu ,\nu ,\omega ,0\}$. The weak optical pulses go through the insecure quantum channel to Bob.

2. Measurement. Bob randomly selects basis $\mathsf {Z}$ and $\mathsf {X}$ with probabilities $q_{z}$ and $q_{x}$ to measure the received pulses, respectively. Bob records the effective events and corresponding bit $y_i^{\prime }$. At least one detector click means an effective event. For multiple detector click, he randomly records a bit value and a basis for passive basis detection.

3. Reconciliation. Alice and Bob exploit the authenticated classical channel to announce the effective event, basis and intensity information. They repeat steps 1 to 3 until $|\mathcal {Z}_{k}| \geq n^{z}_{k}$ and $|\mathcal {X}_{k}| \geq n^{x}_{k}$, where the $\mathcal {Z}_{k}$ ($n^{z}_{k}$) is set (number) of $k$ intensity prepared by Alice and measured in $\mathsf {Z}$ basis by Bob.

4. Parameter estimation. Alice and Bob select a size of $n^{z}_{\mu }+n^{z}_{\nu }$ in $\mathcal {Z}_{\mu }\cup \mathcal {Z}_{\nu }$ to get a raw key pair $(\textbf{Z}_\textrm{A},\textbf{Z}_\textrm{B})$. They announce the bit value of set $\mathcal {X}_{\omega }$ and compute the corresponding number of bit error $m_{\omega }^{x}$. All sets are used to compute the observed number of vacuum events $s_0^{zz}$ and single-photon events $s_1^{zz}$ and the observed phase error rate of single-photon events $\phi _1^{zz}$ in $\textbf{Z}_\textrm{A}$. If $\phi _1^{zz}\leq \phi _{\textrm{tol}}$, they move on to step 5. Otherwise, they abort the data and start again.

5. Postprocessing. Alice and Bob apply an error correction with leaking at most $\lambda _\textrm{EC}$ bits of information. They adopt a universal $_{2}$ hash function to perform an error-verification by consuming $\lceil \log _2\frac {1}{\varepsilon _\textrm{cor}}\rceil$ bits of information [33]. At last, they use a universal $_{2}$ hash function to perform privacy amplification on their raw key to get a secret key pair ($\textbf{S}_\textrm{A}$,$\textbf{S}_\textrm{B}$) with $\ell$ bits.

The four-intensity decoy-state BB84 QKD protocol is $\varepsilon _\textrm{cor}$-correct and $\varepsilon _\textrm{sec}$-secret in the universally composable framework with [29,30]

(1)$$\ell = \underline{s}_0^{zz}+\underline{s}_1^{zz}\left[1-h\left( \overline{\phi}_1^{zz} \right)\right]-\lambda_\textrm{EC}-\log_2\frac{2}{\varepsilon_\textrm{cor}}-6\log_2\frac{22}{\varepsilon_\textrm{sec}},$$

where $h(x):=-x\log _2x-(1-x)\log _2(1-x)$, $\Pr [\textbf{S}_\textrm{A}\not =\textbf{S}_\textrm{B}] \leq \varepsilon _\textrm{cor}$ and $(1-p_\textrm{abort})\|\rho _\textrm{AE}-U_\textrm{A} \otimes \rho _\textrm{E}\|_1/2 \leq \varepsilon _\textrm{sec}$. Thereinto, $\rho _\textrm{AE}$ represents the joint state of $\textbf{S}_\textrm{A}$ and $\textbf{E}$, $U_\textrm{A}$ is the uniform mixture of all possible values of $\textbf{S}_\textrm{A}$, and $p_\textrm{abort}$ is the probability that the protocol aborts. $\underline {x}$ and $\overline {x}$ denote the lower and upper bounds of observed value $x$.

Using the decoy-state method for finite sample sizes [29], the expected numbers of vacuum event $\underline {s}_0^{zz^{*}}$ and single-photon event $\underline {s}_1^{zz^{*}}$ in $\textbf{Z}_\textrm{A}$ can be written as

(2)$$\underline{s}_0^{zz^{*}}\geq ( e^{-\mu}p_\mu+ e^{-\nu}p_\nu) \frac{\underline{n}_0^{z^{*}}}{p_0},$$

and

(3)$$\underline{s}_1^{zz^{*}}\geq \frac{\mu^{2} e^{-\mu}p_\mu+\mu\nu e^{-\nu}p_\nu}{\mu\nu-\nu^{2}}\left(e^{\nu} \frac{\underline{n}_\nu ^{z^{*}}}{p_\nu}-\frac{\nu^{2}}{\mu^{2}}e^{\mu} \frac{\overline{n}_\mu^{z^{*}}}{p_\mu}-\frac{\mu^{2}-\nu^{2}}{\mu^{2}}\frac{\overline{n}_0^{z^{*}}}{p_0}\right),$$

where $x^{*}$ is the corresponding expected value of given observed value $x$, and the upper and lower bounds can be acquired by using the variant of Chernoff bound [30]

\begin{aligned} \overline{x}^{*} &= x+\beta+\sqrt{2\beta x+\beta^{2}},\\ \underline{x}^{*} &= x-\frac{\beta}{2}-\sqrt{2\beta x+\frac{\beta^{2}}{4}}.\end{aligned}

with $\beta =\ln \frac {22}{\varepsilon _\textrm{sec}}$. The expected number of single-photon event $\underline {s}_1^{xx^{*}}$ in $\mathcal {X}_{\omega }$ can be given by [26]

(4)$$\underline{s}_1^{xx^{*}}\geq \frac{\mu\omega e^{-\omega}p_\omega}{\mu\nu-\nu^{2}}\left(e^{\nu} \frac{\underline{n}_\nu ^{x^{*}}}{p_\nu}-\frac{\nu^{2}}{\mu^{2}}e^{\mu} \frac{\overline{n}_\mu^{x^{*}}}{p_\mu}-\frac{\mu^{2}-\nu^{2}}{\mu^{2}}\frac{\overline{n}_0^{x^{*}}}{p_0}\right),$$

where one exploits the fact that the expected yield of single-photon prepared in $\mathsf {X}$ basis is equal to $\mathsf {Z}$ basis given the same measurement basis $\mathsf {X}$. Besides, the expected number of bit error $\underline {t}_1^{xx^{*}}$ associated with the single-photon event in $\mathcal {X}_{\omega }$ is [26]

(5)$$\overline{t}_1^{xx} \leq m_{\omega}^{x}-\underline{t}_{0}^{xx},$$

with

(6)$$\underline{t}_{0}^{xx^{*}} =\frac{e^{-\omega}p_{\omega}}{2p_{0}}\underline{n}_{0}^{x^{*}},$$

where one utilizes the fact that expected value $m_{0}^{x^{*}}=n_{0}^{x^{*}}/2$. For a given expected value, one can use the Chernoff bound to obtain the upper and lower bounds of observed value [30]

\begin{aligned} \overline{x} &= x^{*}+\frac{\beta}{2}+\sqrt{2\beta x^{*}+\frac{\beta^{2}}{4}},\\ \underline{x} &= x^{*}-\sqrt{2\beta x^{*}}.\end{aligned}

The hypothetically observed phase error rate associated with the single-photon events in $\textbf{Z}_\textrm{A}$ can be obtained by using the random sampling without replacement [30],

(7)$$\overline{\phi}_1^{zz}=\frac{\overline{t}_1^{xx}}{\underline{s}_1^{xx}}+\gamma^{U}\left(\underline{s}_1^{zz},\underline{s}_1^{xx},\frac{\overline{t}_1^{xx}}{\underline{s}_1^{xx}},\frac{\varepsilon_\textrm{sec}}{22}\right),$$

where

(8)$$\gamma^{U}(n,k,\lambda,\epsilon)=\frac{\frac{(1-2\lambda)AG}{n+k}+ \sqrt{\frac{A^{2}G^{2}}{(n+k)^{2}}+4\lambda(1-\lambda)G}}{2+2\frac{A^{2}G}{(n+k)^{2}}},$$

with $A=\max \{n,k\}$ and $G=\frac {n+k}{nk}\ln {\frac {n+k}{2\pi nk\lambda (1-\lambda )\epsilon ^{2}}}$. The variant of Chernoff bound is used eight times, the Chernoff bound is used four times and the random sampling is used one time. Composing the error terms of finite-sample, we get the factor is 22, including 9 error terms due to the smooth min-entropy estimation [29].

3. Experimental realization

We built a compact and autonomous time-phase encoding QKD system, which continuously distributes secret keys over an optical fiber link using four-intensity decoy-state BB84 protocol secure against coherent attacks. The physical implementation is outlined in Fig. 1. The master laser produces phase-randomized 1.6 ns-wide laser pulses at 1550.12 nm and a repetition rate of 200 MHz. Two pairs of pulses with relative phases 0 and $\pi$ at a 2 ns time delay generated by an asymmetric interferometer are injected into two slave lasers through the optical circulator, respectively. By controlling the trigger electrical signal of two slave lasers, Alice randomly prepares quantum states in $\mathsf {Z}$ (time) and $\mathsf {X}$ (phase) basis using 400 ps-wide laser pulses. The programmable delay chip with 10 ps timing resolution is exploited to calibrate time consistency. The spectral consistency is naturally satisfied due to the laser seeding technique [31]. The decoy-state scheme is stably implemented by using an intensity modulator, a biased beam splitter with 1:99 and a PIN diode. The $99\%$ of light is detected by PIN diode that provides a feedback signal to intensity modulator. A fiber Bragg grating with a 50 GHz nominal bandwidth is aligned to remove extra spurious emission and pre-compensate for the pulse broadening in the fiber transmission [31]. The repetition rates of 100 kHz synchronization pulses with 2 ns-wide at 1310 nm are transmitted from Alice to Bob via the quantum channel by using wavelength division multiplexed. The intensities are set as $\mu =0.35$, $\nu =0.15$, $\omega =0.3$ and 0 with the corresponding probabilities $p_{\mu }=0.78$, $p_{\nu }=0.1$, $p_{\omega }=0.08$ and $p_{0}=0.04$. The vacuum state will be generated if one does not provide the trigger signal to the slave laser. A radio-frequency signal acting on the intensity modulator form two intensities for a pulse. Furthermore, we have $\omega =2\nu$ since there is only one pulse in the $\mathsf {Z}$ basis while two pulses in the $\mathsf {X}$ basis for time-phase encoding.

Fig. 1. Experimental set-up of the decoy-state BB84 QKD system with time-phase encoding. Alice exploits a master laser, two slave lasers and an asymmetric interferometer to prepare optical pulses in $\mathsf {Z}$ and $\mathsf {X}$ basis that are modulated decoy-state using an intensity modulator, before passing through a set of filter, monitor and attenuator to regulate the photon number per pulse. Bob utilizes a biased beam splitter to realize a passive basis detection, following which the pulses either go directly to the time detector or pass through an asymmetric interferometer. A synchronization signal is distributed from Alice to Bob via a wavelength division multiplexed quantum channel. All of the processing is carried out using a FPGA except for the parameter estimation realized in ARM. All classical information is transmitted in a classical channel with an independent optical fiber. BS: beam splitter; Cir: circulator; IM: intensity modulator; FBG: fiber Bragg grating; Att: attenuator; CWDM: coarse wavelength division multiplexer; FM: Faraday mirror; PS: phase shifter; SPD: single-photon detector; QC: quantum channel; CC: classical channel.

Download Full Size | PDF

After the wavelength division demultiplexer, Bob utilizes a biased beam splitter with 3:7 to implement passive choice measurement basis, where the probability of $70\%$ is detected in time ($\mathsf {Z}$) basis and the probability of $30\%$ is detected in phase ($\mathsf {X}$) basis. The phase variation of the interferometer is compensated by a phase shifter, where the feedback algorithm is completed in advanced RISC machines (ARM). There is a 1.8 dB inherent loss difference between two bases due to the optical element. Four 200 megahertz-gated InGaAs/InP single-photon detectors with effective gate width 450 ps are exploited to detect quantum signals. The efficiency of detector is $20\%$ at a 120 dark count per second. The dead times of detectors in $\mathsf {Z}$ and $\mathsf {X}$ are 3 $\mu$s and 5 $\mu$s, respectively. The detection counts of $\mathsf {Z}$ and $\mathsf {X}$ basis will be affected differently due to the dead time, which also introduces the difference in detection efficiency. Note that in order to solve the dead time attack [34], one should put all the detectors into dead time as soon as any detector clicks. The secure and efficient synchronization scheme [35] is used for calibration on four gated-mode single-photon detectors.

We continuously run this QKD system for two months over 50.4 km G.652D single-mode fiber with 9.4 dB loss. The real-time extractable secret key rate is almost all more than 60 kbps in the universally composable framework with $\varepsilon _\textrm{sec}=10^{-10}$. The Winnow algorithm [36] with 1.42 inefficiency of error correction is used to perform the error correction for a block size of 512 kb. An error verification is carried out after each error correction via the LFSR-based Toeplitz matrix construction [37] with 64 bit. Privacy amplification will be performed by using the concatenation of Toeplitz matrix and the identity matrix [38] after accumulating data about 4 Mb via ten times of error correction, where the data excludes the amount of information leaked in error correction. Without loss of generality, the experimental data and estimation parameters of secure key generation in a block are listed in Tables 1 and 2. We exploit lasers with 1270 and 1290 nm and PIN diodes to realize classical communication with 8B/10B encoding [39], which will introduce less noise compared with commercial transceiver if quantum and classic channels share one fiber. In order to reduce the noise of synchronization optical pulses, we discard the count of 100 ns before and after each synchronization optical pulse. Authentication, reconciliation, error correction, error verification and privacy amplification are all carried out in a field-programmable gate array (FPGA) on each side, while the parameter estimation is proceeded in ARM.

Table 1. List of the experimental data for secure key generation.

View Table | View all tables in this article

Table 2. List of the estimation parameters for secure key generation. The parameters $\Lambda$ and $R=\ell /\Lambda$ represent the cumulative time of a block and the secret key rate.

View Table | View all tables in this article

4. Conclusion

In summary, we have experimentally realized the four-intensity decoy-state BB84 QKD with time-phase encoding and exploited tight security bounds for finite-key analysis with composable security against coherent attacks. Our experiment demonstrates that the basis-independent detection efficiency condition has been removed with 1.8 dB difference between time and phase basis of receiver. The stability of our system is very well due to the time-phase encoding. The phase randomness and spectral consistency are guaranteed by the pulsed laser seeding technique [31]. Although the secret key rate of 60 kbps is not very high over 50 km fiber. It’s enough for some encrypted tasks, for example, voice communication. Limiting the secret key generation rate is mainly due to the system repetition frequency and the saturation count rate of the single-photon detector, which will be improved in the future.

Funding

National Natural Science Foundation of China (61801420); Fundamental Research Funds for the Central Universities.

Disclosures

The author declares no conflicts of interest.

References

1. C. H. Bennett and G. Brassard, “Quantum cryptography: public key distribution and coin tossing,” in Proceedings of the Conference on Computers, Systems and Signal Processing, (IEEE Press, New York, 1984), pp. 175–179.

2. S.-K. Liao, W.-Q. Cai, J. Handsteiner, B. Liu, J. Yin, L. Zhang, D. Rauch, M. Fink, J.-G. Ren, W.-Y. Liu, Y. Li, Q. Shen, Y. Cao, F.-Z. Li, J.-F. Wang, Y.-M. Huang, L. Deng, T. Xi, L. Ma, T. Hu, L. Li, N.-L. Liu, F. Koidl, P. Wang, Y.-A. Chen, X.-B. Wang, M. Steindorfer, G. Kirchner, C.-Y. Lu, R. Shu, R. Ursin, T. Scheidl, C.-Z. Peng, J.-Y. Wang, A. Zeilinger, and J.-W. Pan, “Satellite-relayed intercontinental quantum network,” Phys. Rev. Lett. 120(3), 030501 (2018). [CrossRef]

3. A. Tanaka, M. Fujiwara, S. W. Nam, Y. Nambu, S. Takahashi, W. Maeda, K.-i. Yoshino, S. Miki, B. Baek, Z. Wang, A. Tajima, M. Sasaki, and A. Tomita, “Ultra fast quantum key distribution over a 97 km installed telecom fiber with wavelength division multiplexing clock synchronization,” Opt. Express 16(15), 11354–11360 (2008). [CrossRef]

4. Z.-Q. Yin, Z.-F. Han, W. Chen, F.-X. Xu, Q.-L. Wu, and G.-C. Guo, “Experimental decoy state quantum key distribution over 120 km fibre,” Chin. Phys. Lett. 25(10), 3547–3550 (2008). [CrossRef]

5. Y. Liu, T.-Y. Chen, J. Wang, W.-Q. Cai, X. Wan, L.-K. Chen, J.-H. Wang, S.-B. Liu, H. Liang, L. Yang, C.-Z. Peng, K. Chen, Z.-B. Chen, and J.-W. Pan, “Decoy-state quantum key distribution with polarized photons over 200 km,” Opt. Express 18(8), 8587–8594 (2010). [CrossRef]

6. M. Lucamarini, K. Patel, J. Dynes, B. Fröhlich, A. Sharpe, A. Dixon, Z. Yuan, R. Penty, and A. Shields, “Efficient decoy-state quantum key distribution with quantified security,” Opt. Express 21(21), 24550–24565 (2013). [CrossRef]

7. B. Fröhlich, M. Lucamarini, J. F. Dynes, L. C. Comandar, W. W.-S. Tam, A. Plews, A. W. Sharpe, Z. Yuan, and A. J. Shields, “Long-distance quantum key distribution secure against coherent attacks,” Optica 4(1), 163–167 (2017). [CrossRef]

8. A. Boaron, G. Boso, D. Rusca, C. Vulliez, C. Autebert, M. Caloz, M. Perrenoud, G. Gras, F. Bussières, M.-J. Li, D. Nolan, A. Martin, and H. Zbinden, “Secure quantum key distribution over 421 km of optical fiber,” Phys. Rev. Lett. 121(19), 190502 (2018). [CrossRef]

9. T. Schmitt-Manderbach, H. Weier, M. Fürst, R. Ursin, F. Tiefenbacher, T. Scheidl, J. Perdigues, Z. Sodnik, C. Kurtsiefer, J. G. Rarity, A. Zeilinger, and H. Weinfurter, “Experimental demonstration of free-space decoy-state quantum key distribution over 144 km,” Phys. Rev. Lett. 98(1), 010504 (2007). [CrossRef]

10. S.-K. Liao, W.-Q. Cai, W.-Y. Liu, L. Zhang, Y. Li, J.-G. Ren, J. Yin, Q. Shen, Y. Cao, Z.-P. Li, F.-Z. Li, X.-W. Chen, L.-H. Sun, J.-J. Jia, J.-C. Wu, X.-J. Jiang, J.-F. Wang, Y.-M. Huang, Q. Wang, Y.-L. Zhou, L. Deng, T. Xi, L. Ma, T. Hu, Q. Zhang, Y.-A. Chen, N.-L. Liu, X.-B. Wang, Z.-C. Zhu, C.-Y. Lu, R. Shu, C.-Z. Peng, J.-Y. Wang, and J.-W. Pan, “Satellite-to-ground quantum key distribution,” Nature 549(7670), 43–47 (2017). [CrossRef]

11. C. Ma, W. D. Sacher, Z. Tang, J. C. Mikkelsen, Y. Yang, F. Xu, T. Thiessen, H.-K. Lo, and J. K. Poon, “Silicon photonic transmitter for polarization-encoded quantum key distribution,” Optica 3(11), 1274–1278 (2016). [CrossRef]

12. P. Sibson, C. Erven, M. Godfrey, S. Miki, T. Yamashita, M. Fujiwara, M. Sasaki, H. Terai, M. G. Tanner, C. M. Natarajan, R. Hadfield, J. L. O’Brien, and M. Thompson, “Chip-based quantum key distribution,” Nat. Commun. 8(1), 13984 (2017). [CrossRef]

13. D. Bunandar, A. Lentine, C. Lee, H. Cai, C. M. Long, N. Boynton, N. Martinez, C. DeRose, C. Chen, M. Grein, D. Trotter, A. Starbuck, A. Pomerene, S. Hamilton, F. N. C. Wong, R. Camacho, P. Davids, J. Urayama, and D. Englund, “Metropolitan quantum key distribution with silicon photonics,” Phys. Rev. X 8(2), 021009 (2018). [CrossRef]

14. X.-B. Wang, “Beating the photon-number-splitting attack in practical quantum cryptography,” Phys. Rev. Lett. 94(23), 230503 (2005). [CrossRef]

15. H.-K. Lo, X. Ma, and K. Chen, “Decoy state quantum key distribution,” Phys. Rev. Lett. 94(23), 230504 (2005). [CrossRef]

16. M. Bloch, S. W. McLaughlin, J.-M. Merolla, and F. Patois, “Frequency-coded quantum key distribution,” Opt. Lett. 32(3), 301–303 (2007). [CrossRef]

17. A. Sit, F. Bouchard, R. Fickler, J. Gagnon-Bischoff, H. Larocque, K. Heshami, D. Elser, C. Peuntinger, K. Günthner, B. Heim, C. Marquardt, G. Leuchs, R. W. Boyd, and E. Karimi, “High-dimensional intracity quantum cryptography with structured photons,” Optica 4(9), 1006–1010 (2017). [CrossRef]

18. H.-L. Yin, T.-Y. Chen, Z.-W. Yu, H. Liu, L.-X. You, Y.-H. Zhou, S.-J. Chen, Y. Mao, M.-Q. Huang, W.-J. Zhang, H. Chen, M. J. Li, D. Nolan, F. Zhou, X. Jiang, Z. Wang, Q. Zhang, X.-B. Wang, and J.-W. Pan, “Measurement-device-independent quantum key distribution over a 404 km optical fiber,” Phys. Rev. Lett. 117(19), 190501 (2016). [CrossRef]

19. N. T. Islam, C. C. W. Lim, C. Cahall, J. Kim, and D. J. Gauthier, “Provably secure and high-rate quantum key distribution with time-bin qudits,” Sci. Adv. 3(11), e1701491 (2017). [CrossRef]

20. D. Bacco, I. Vagniluca, B. Da Lio, N. Biagi, A. Della Frera, D. Calonico, C. Toninelli, F. S. Cataliotti, M. Bellini, L. K. Oxenløwe, and A. Zavatta, “Field trial of a three-state quantum key distribution scheme in the florence metropolitan area,” EPJ Quantum Technol. 6(1), 5 (2019). [CrossRef]

21. P. W. Shor and J. Preskill, “Simple proof of security of the bb84 quantum key distribution protocol,” Phys. Rev. Lett. 85(2), 441–444 (2000). [CrossRef]

22. H.-K. Lo, H. F. Chau, and M. Ardehali, “Efficient quantum key distribution scheme and a proof of its unconditional security,” J. Cryptol. 18(2), 133–165 (2005). [CrossRef]

23. Z. Wei, W. Wang, Z. Zhang, M. Gao, Z. Ma, and X. Ma, “Decoy-state quantum key distribution with biased basis choice,” Sci. Rep. 3(1), 2453 (2013). [CrossRef]

24. H. Jiang, M. Gao, B. Yan, W. Wang, and Z. Ma, “Universally-composable finite-key analysis for efficient four-intensity decoy-state quantum key distribution,” Eur. Phys. J. D 70(4), 78 (2016). [CrossRef]

25. C.-C. Mao, J. Li, J.-R. Zhu, C.-M. Zhang, and Q. Wang, “An improved proposal on the practical quantum key distribution with biased basis,” Quantum Inf. Process. 16(10), 256 (2017). [CrossRef]

26. Z.-W. Yu, Y.-H. Zhou, and X.-B. Wang, “Reexamination of decoy-state quantum key distribution with biased bases,” Phys. Rev. A 93(3), 032307 (2016). [CrossRef]

27. H. Liu, Z.-W. Yu, M. Zou, Y.-L. Tang, Y. Zhao, J. Zhang, X.-B. Wang, T.-Y. Chen, and J.-W. Pan, “Experimental 4-intensity decoy-state quantum key distribution with asymmetric basis-detector efficiency,” Phys. Rev. A 100(4), 042313 (2019). [CrossRef]

28. M. Tomamichel, C. C. W. Lim, N. Gisin, and R. Renner, “Tight finite-key analysis for quantum cryptography,” Nat. Commun. 3(1), 634 (2012). [CrossRef]

29. C. C. W. Lim, M. Curty, N. Walenta, F. Xu, and H. Zbinden, “Concise security bounds for practical decoy-state quantum key distribution,” Phys. Rev. A 89(2), 022307 (2014). [CrossRef]

30. H.-L. Yin, M.-G. Zhou, J. Gu, Y.-M. Xie, Y.-S. Lu, and Z.-B. Chen, “Tight security bounds for decoy-state quantum key distribution,” Sci. Rep. 10(1), 14312 (2020). [CrossRef]

31. L. Comandar, M. Lucamarini, B. Fröhlich, J. Dynes, A. Sharpe, S.-B. Tam, Z. Yuan, R. Penty, and A. Shields, “Quantum key distribution without detector vulnerabilities using optically seeded lasers,” Nat. Photonics 10(5), 312–315 (2016). [CrossRef]

32. J. Müller-Quade and R. Renner, “Composability in quantum cryptography,” New J. Phys. 11(8), 085006 (2009). [CrossRef]

33. M. N. Wegman and J. L. Carter, “New hash functions and their use in authentication and set equality,” J. Comput. Syst. Sci. 22(3), 265–279 (1981). [CrossRef]

34. H. Weier, H. Krauss, M. Rau, M. Fürst, S. Nauerth, and H. Weinfurter, “Quantum eavesdropping without interception: an attack exploiting the dead time of single-photon detectors,” New J. Phys. 13(7), 073024 (2011). [CrossRef]

35. P. Liu and H.-L. Yin, “Secure and efficient synchronization scheme for quantum key distribution,” OSA Continuum 2(10), 2883–2890 (2019). [CrossRef]

36. W. T. Buttler, S. K. Lamoreaux, J. R. Torgerson, G. H. Nickel, C. H. Donahue, and C. G. Peterson, “Fast, efficient error reconciliation for quantum cryptography,” Phys. Rev. A 67(5), 052303 (2003). [CrossRef]

37. H. Krawczyk, “Lfsr-based hashing and authentication,” in Advances in Cryptology-CRYPTO’94, (Springer, 1994), pp. 129–139.

38. M. Hayashi, “Exponential decreasing rate of leaked information in universal random privacy amplification,” IEEE Trans. Inf. Theory 57(6), 3989–4001 (2011). [CrossRef]

39. A. X. Widmer and P. A. Franaszek, “A dc-balanced, partitioned-block, 8b/10b transmission code,” IBM J. Res. Dev. 27(5), 440–451 (1983). [CrossRef]

Experimental composable security decoy-state quantum key distribution using time-phase encoding

Abstract

1. Introduction

2. Coherent security

3. Experimental realization

4. Conclusion

Funding

Disclosures

References

Cited By

Figures (1)

Tables (2)

Equations (10)

Optics Express