Finite-key analysis for round-robin-differential-phase-shift quantum key distribution

Hang Liu; Hang Liu; Zhen-Qiang Yin; Zhen-Qiang Yin; Rong Wang; Rong Wang; Feng-Yu Lu; Feng-Yu Lu; Shuang Wang; Shuang Wang; Wei Chen; Wei Chen; Wei Huang; Wei Huang; Bing-Jie Xu; Guang-Can Guo; Zheng-Fu Han; Zheng-Fu Han

doi:10.1364/OE.391924

1. Introduction

Quantum key distribution (QKD) [1,2] is one of the products from science to commercialization. In the field of communication, compared with the traditional communication mode, QKD promises to achieve the unconditional security. QKD allows the two parties, usually called Alice and Bob, to share secure keys. Eavesdropper (Eve) is not restricted by computing power, but the laws of quantum physics.

In early 1980s, Bennett and Brassard proposed the first QKD protocol, BB84 QKD [1]. After that, to enrich its potential applications in different scenarios, scholars have proposed many new protocols, e.g., measurement-device- independent (MDI) QKD [3], differential-phase-shift (DPS) QKD [4,5], round-robin-differential-phase-shift (RRDPS) QKD [6], and twin-field(TF) QKD [7–11]. Among them, RRDPS QKD [6] is a very special one. It shows a unique way to reach the lowest bound of secure key rate, that is allowing communicators to remove monitoring signal disturbance. Besides that, RRDPS is essentially a kind of high dimensional protocols. Therefore, it can tolerate high error rate. These characteristics make RRDPS work even under harsh communication conditions, such as, atmospheric turbulence, light pollution environment, underwater environment. Besides, without signal disturbance monitoring, the communication equipment can be simplified, which further expands the applications.

We first review the procedure of RRDPS briefly. Firstly, Alice sends a series of packets to Bob. Each packet consists of $L$ pulses, and the phases of all pulses are individually and randomly tuned to $0$ or $\pi$. After the channel transmission, part of these pulses finally obtained by Bob. Then, Bob gets a random integer $r\in [1,L-1]$ from a local random number generator (RNG), and do an optical interference measurement. Hence, Bob can extract phase information between the $i$-th pulse and the $(i + r)$-th ($i+r \leq L$) pulse as a shifted key. After that, Bob announces $i$ and $r$ to Alice through a classical authenticated channel. Therefore, Alice could compute $s_{A}=s_{i}\oplus s_{i+r}$ from her local register, where $s_i=0,1$ denotes the phase $0$ and $\pi$ of the $i$-th pulse. In the original protocol [6], the eavesdropper’s information labeled by $I_{AE}$ is proven to be no more than $h_{2}(N/(L-1))$, where $N$ represents the photon-number of each packet, and $h_{2}(x)=-xlog_2{x}-(1-x)log_2({1-x})$ is the binary Shannon entropy. Hence, the protocol even can tolerate $50\%$ error rate in principle, as long as the value of $L$ is large enough.

The feasibility of RRDPS has been shown by several experiments [12–16]. In addition, some new improvement projects are put forward in theory. Among all these theoretical works, Yin’s theoretical method [17] has significantly improved the performance of RRDPS. It is noteworthy that, according to Yin’s theoretical method [17], Alice and Bob can estimate $I_{AE}$ tightly and share key bits with the highest key rate. However, the results can only counter collective attacks, thus it is only applicable in asymptotic case. In real-life, Alice and Bob always generate key bits from finite pulses, and the collective attack cannot be equivalent to the most powerful attack, i.e. coherent attack. Thus, the theoretical work in [17] cannot be used in practice. Fortunately, there exists a universal method to apply the RRDPS to the finite-sized key scenario, that is post-selection technique [18]. In this paper, we use post-selection technique [18] to extend [17]’s theoretical work to finite-sized key scenario and also to be against coherent attack [19–22]. We are going to count an upper bound of $I_{AE}$ under coherence attack. Accordingly, numerical simulations show the performance of RRDPS in different cases, while its merit of running without monitoring signal disturbance still remains. It’s predicted that the key rate of RRDPS in finite-sized key scenario can be comparable to the asymptotic one, which is meaningful for the real-life applications. We emphasize that there may be better methods, such as entropy relationship, entropy accumulation theorem.

2. Finite-key analysis method for RRDPS

First of all, we briefly review the main result of RRDPS in asymptotic case given in [17], and introduce statistical fluctuations under the assumption of collective attack. Then, with the help of post-selection technique [18], the assumption of collective attack is removed and key rate against coherent attack is obtained. Similar logic can be found in [23].

In asymptotic case, after privacy amplification, Alice and Bob extract a string of $l$ bits secure keys. Or we say the secure key rate per pulse is $R=l/N_{em}$. $N_{em}$ represents the total number of emitted pulses.

When $N_{em} \to \infty$, [17] proves that

(1)$$R_{asy}=\frac{1}{L}[Q(1-h_{2}(E))-\sum\limits^{+ \infty}_{i> v_{th}} I_{AE}^{i} e^{{-}L\mu }(L\mu)^{i}/i!-(Q-e_{src})I_{AE}^{v_{th}}]$$

where $Q$ and $E$ are denoted as the gain per packet and total error bit rate, respectively. $\mu$ represents the intensity of each pulse and ${e}_{src}=1-\sum \limits^{v_{th}}_{i=0}e^{-L\mu }(L\mu )^{i}/i!$ is defined as the probability of the photon-number being over $v_{th}$ in each packet. The photon-number in each packet is $i$, and $I^i_{AE}$ represents the information leakage to Eve, given by

(2)$$I_{AE}^{N} = Max_{x_1,x_2,\ldots,x_{N+1}}\{\frac{\sum\limits_{k=1}^{N}\varphi((L-k)x_k,kx_{k+1})}{L-1}\}$$

with real number $x_{k}$ satisfying $\sum \limits^{N+1}_{k=1} x_{k}=1$. Note that in the summation of $i> v_{th}$ in 1, we also refer to [24].

Based on the asymptotic analysis above, we next take finite-sized case into account, while $N_{em}$ is a finite number.

Firstly, we focus on the impact from statistical fluctuations of $e_{src}$. During every round, we mark the events emitting a packet with photon-number larger than $v_{th}$ are true, and else are false. Let $f(m;n,p):=\sum \limits^{n}_{j=m}p^{j}(1-p)^{n-j}n!/[j!(n-j)!]$ be the tail distribution for finding more than $m$ true events in a binomial distribution [6]. Then, we could use the compact estimation, e.g., Chernoff bounds [25] for $e_{src}$. Let the probability $p=e_{src}$, and

(3)$$e^{u}_{src} \leq {e}_{src}+\Delta_{e_{src}}={e}_{src}+\sqrt{\frac{3 e_{src}}{N_{em}}ln{\frac{1}{\epsilon_{PE}}}}$$

where, $\epsilon _{PE}$ represents the probability that parameters estimation fails.

In following, we assume the protocol is $\epsilon$-secure [26], i.e., the maximum failure probability of practical protocol is $\epsilon$. According to universally composable security [27],

(4)$$\epsilon= \epsilon_{PE}+\epsilon_{EC}+\bar{\epsilon}+\epsilon_{PA}$$

where $\epsilon _{EC}$ and $\epsilon _{PA}$ correspond to the probability that error correction fails and the probability that privacy amplification fails, respectively. In addition, $\bar {\epsilon }$ represents the accuracy of estimating the smooth min-entropy. So we obtain the key rate formula against collective attack in finite-sized key region, reads

(5)$$\begin{aligned} R_{col}=&\frac{1}{L}[Q(1-\zeta h_{2}(E))-\sum\limits^{+ \infty}_{i> v_{th}} I_{AE}^{i} e^{{-}L\mu }(L\mu)^{i}/i!-\Delta_{e_{src}} \\ &-(Q-e^{u}_{src})I_{AE}^{v_{th}}]-\frac{1}{N_{em}} log_2{\frac{2}{\epsilon_{EC}}}-\frac{2}{N_{em}}log_2{\frac{1}{\epsilon_{PA}}} \\ &-\frac{7}{N_{em}} \sqrt{n log_2{\frac{2}{\bar{\epsilon}}}}. \end{aligned}$$

Here $\zeta$ is the efficiency of error correction algorithm, and $n$ is the length of sifted key bits.

Nevertheless, if we take coherent attack into account, the analysis above isn’t secure in practice. Fortunately, post-selection technique [18] is a universal way to cover this shortage. In following, we show how to use this technique in our proof.

Post-selection technique quantitatively analyzes how to move from the analysis under collective attack to that under coherent attack. The gap between these two analysis heavily relies on the dimension of the state under the consideration. RRDPS protocol is essentially a high dimensional coding protocol: the quantum state shared by Alice and Bob is $2^{L}\times L$ dimensions. Before Bob measures, Alice has the local register containing $L$-bit information, each of which is in the state $\left | +\right \rangle =\left ( \left | 0\right \rangle +\left | 1\right \rangle \right )/\sqrt {2}$, and controls the phase of a time-bin in the $L$-pulse train respectively, while Bob’s state is $L$-pulse train containing only one photon. Thus, $dim\mathcal {H_{A}}=2^{L}$, $dim\mathcal {H_{B}}=L$. If we assume there are altogether $n$ rounds, the dimensions of quantum state Alice and Bob shared are $d=dim\mathcal {H_{A}}*dim\mathcal {H_{B}}=2^{L}\times L$ in each round.

It is proved in Ref [18]. and further explained in Ref [23]., how we generate $\epsilon _{coh}$-security keys against coherent attack. Firstly, Alice and Bob assume their quantum system is $\rho ^{\otimes n}_{AB}$ and generate $l$-bits secret key with $\epsilon _{col}$-security, which can be done for RRDPS with the help of 5. Then, considering coherent attack’s influences with the help of post-selection technique, the $l$-bits secret key will be shortened by $2(d^{2}-1)log_{2}(n+1)$ bits, where $d=$dim$\mathcal {H_{A}}$*dim$\mathcal {H_{B}}=2^{L}\times L$, and the final security parameter $\epsilon _{coh}$ will be $\epsilon _{col}(n+1)^{(d^{2}-1)}$.

As mentioned above, we can finally give the secure key rate formula of RRDPS protocol against coherent attack in the finite-sized regime, which is given by

(6)$$\begin{aligned}R_{coh}=&\frac{1}{L}[Q(1-\zeta h_{2}(E))-\sum\limits^{+ \infty}_{i> v_{th}} I_{AE}^{i} e^{{-}L\mu }(L\mu)^{i}/i! \\ &-\Delta_{e_{src}}-(Q-e^{u}_{src})I_{AE}^{v_{th}}]-\frac{1}{N_{em}} log_2{\frac{2}{\epsilon_{EC}}}-\frac{2}{N_{em}}log_2{\frac{1}{\epsilon_{PA}}} \\ &-\frac{7}{N_{em}} \sqrt{n log_2{\frac{2}{\bar{\epsilon}}}}-\frac{2((2^L\times L)^{2}-1)}{N_{em}}log_{2}(n+1) \end{aligned}$$

And the relevant security parameter under coherent attack is

(7)$$\epsilon_{coh}=\epsilon_{col}(n+1)^{(2^{L}\times L)^{2}-1}.$$

3. Simulation

3.1 Mathematical calculation

For simplicity, we assume Bob’s single photon detector (SPD) can resolve the photon-number perfectly, and set SPD’s efficiency to be $100\%$. When the delay is $r$, the SPDs open $L-r$ time-windows to detect signal. If and only if there is one click among these $L-r$ time-windows, Bob will record a sifted key bit. Accordingly, when delay value is $r$, the counting rate is given by

(8)$$Q_{r}=(1-d)^{2(L-r)-1} e^{-(L-r)\eta \mu}((L-r)\eta \mu +2(L-r)d)$$

where $\eta =10^{-loss/10}$ is the transmission efficiency of the channel. Then we have the overall counting rate $Q=\sum\limits ^{L-1}_{r=1}Q_{r} /(L-1)$. Moreover, error rate $E$ of sifted key bits can be simulated by

(9)$$\begin{aligned}EQ = &\sum\limits^{L-1}_{r=1}\frac{1}{L-1}(1-d)^{2(L-r)-1} e^{-(L-r)\eta \mu}[(L-r)\eta \mu e_{mis} \\ &+(L-r)d] \end{aligned}$$

where $e_{mis}$ is the misalignment of SPDs.

3.2 Results of simulation

We use Wolfram Mathematica to run the numerical simulations, and the model simulated here is the same as [17]. The simulation results are shown below.

We explain in advance that we fix the security parameter $\epsilon _{coh}=10^{-10}$, dark counting rate $d_{dark}=10^{-6}$ per pulse, $\zeta =1.1$ as the correction efficiency. The RRDPS protocol with certain values of $L=3, 8, 16$ is simulated. We assume $e_{mis}=0.015$, and Fig. 1 shows how the secure key rate of RRDPS varies with channel loss, which implies we need at least $10^{12}$ emitted signals to approach asymptotic case. The results reveal that, if we want to achieve long-distance QKD, larger $L$ and more pulses are necessary to alleviate finite-sized key effects. In Fig. 2, we assume $e_{mis}=0.15$ to show that the RRDPS protocol’s advantage of tolerance of high error rate remains in finite-sized key scenarios. And we point out that when $L$ is equal to $3$, there exists no shifted key. In Fig. 3, we reset $e_{mis}=0.015$ and fix the channel efficiency $\eta =0.1$ to demonstrate how the secret key rate varies with the number of total emitted pulses. It seems that a proper $L$ is important for the performance of RRDPS.

Fig. 1. Secure key rate $R$ versus channel loss. The dotted line and solid line represent asymptotic and finite-key cases, respectively. $\epsilon _{coh}=10^{-10}$, $e_{mis}=0.015$, and all parameters have been optimized. $L=3$, $N_{em}=10^{12}$; $L=8$, $N_{em}=10^{18}$; $L=16$, $N_{em}=10^{24}$. All of them are simulated for the scenarios without monitoring signal disturbance.

Download Full Size | PDF

Fig. 2. Secure key rate $R$ versus channel loss. The dotted line and solid line represent asymptotic and finite-key cases, respectively. $\epsilon _{coh}=10^{-10}$, $e_{mis}=0.15$, and all parameters have been optimized. $L=3$, there is no shifted key; $L=8$, $N_{em}=10^{18.4}$; $L=16$, $N_{em}=10^{27}$. All of them are simulated for the scenarios without monitoring signal disturbance.

Download Full Size | PDF

Fig. 3. Secure key rate $R$ versus total emitted signals. $\epsilon _{coh}=10^{-10}$, $e_{mis}=0.015$, $\eta =0.1$ and all parameters have been optimized. All of them are simulated for the scenarios without monitoring signal disturbance.

Download Full Size | PDF

4. Conclusion

We have extended the asymptotic key rate of RRDPS to finite-sized key region, and use the post-selection technique to analyze the security against coherent attack in details. It’s meaningful to apply RRDPS to real-life applications. In finite-sized key scenarios, our results indicate that the finite-key size effects of RRDPS QKD relies on the dimension of the state, which becomes more pronounced as $L$ increases. As we’ve shown above, if communicators use $L=3$ to run RRDPS protocol, Alice better prepares at least $10^{12}$ pulses as a block to generate secret key bits. Luckily, $N_{em}=10^{12}$ is convenient in present GHZ QKD systems [28–33]. If communicators choose larger $L$, they should emit larger number of $N_{em}$ to alleviate the finite-key effects, and it will inevitably make the QKD system difficult to operate. However, larger $L$ and more pulses seem indispensable to achieve long-distance applications. So, we suggest communicators make a proper choice in $L$ depending on the actual situation.

Comparing to a recent work [34] on RRDPS, our results are more sensitive to finite-sized key effects, i.e. more pulses are needed to approach asymptotic case. The reason is that the post-selection technique may be not tighter than the complementarity method [35] used in [34]. On the other hand, our method has its merit. As the first trial to use post-selection technique in RRDPS protocol, we prove this method is indeed a general and effective way to deal with finite-sized key effects. More importantly, our analysis is based on the theory in [17], which demonstrates the best performance in asymptotic case. Thus, when the number of pulses is larger, our result here can sufficiently approach the optimal secret key rate in principle.

Funding

National Key Research and Development Program of China (Grant No. 2016YFA0302600); National Natural Science Foundation of China (Grant Nos. 61822115, 61961136004, 61775207, 61702469, 61771439, 61627820); National Cryptography Development Fund (Grant No. MMJJ20170120); Anhui Initiative in Quantum Information Technologies.

Disclosures

The authors declare no conflicts of interest.

References

1. C. H. Bennett and G. Brassard, “Quantum cryptography: public key distribution and coin tossing int,” in Conf. on Computers, Systems and Signal Processing (Bangalore, India, Dec. 1984), (1984), pp. 175–179.

2. A. Ekert, “Quantum cryptography based on bell’s theorem,” Phys. Rev. Lett. 67(6), 661–663 (1991). [CrossRef]

3. H.-K. Lo, M. Curty, and B. Qi, “Measurement-device-independent quantum key distribution,” Phys. Rev. Lett. 108(13), 130503 (2012). [CrossRef]

4. K. Inoue, E. Waks, and Y. Yamamoto, “Differential phase shift quantum key distribution,” Phys. Rev. Lett. 89(3), 037902 (2002). [CrossRef]

5. T. Moroder, M. Curty, C. C. W. Lim, H. Zbinden, and N. Gisin, “Security of distributed-phase-reference quantum key distribution,” Phys. Rev. Lett. 109(26), 260501 (2012). [CrossRef]

6. T. Sasaki, Y. Yamamoto, and M. Koashi, “Practical quantum key distribution protocol without monitoring signal disturbance,” Nature 509(7501), 475–478 (2014). [CrossRef]

7. M. Lucamarini, Z. L. Yuan, J. F. Dynes, and A. J. Shields, “Overcoming the rate–distance limit of quantum key distribution without quantum repeaters,” Nature 557(7705), 400–403 (2018). [CrossRef]

8. X. Ma, P. Zeng, and H. Zhou, “Phase-matching quantum key distribution,” Phys. Rev. X 8(3), 031043 (2018). [CrossRef]

9. J. Lin and N. Lütkenhaus, “Simple security analysis of phase-matching measurement-device-independent quantum key distribution,” Phys. Rev. A 98(4), 042332 (2018). [CrossRef]

10. C. Cui, Z.-Q. Yin, R. Wang, W. Chen, S. Wang, G.-C. Guo, and Z.-F. Han, “Twin-field quantum key distribution without phase postselection,” Phys. Rev. Appl. 11(3), 034053 (2019). [CrossRef]

11. M. Curty, K. Azuma, and H.-K. Lo, “Simple security proof of twin-field type quantum key distribution protocol,” npj Quantum Inf. 5(1), 64 (2019). [CrossRef]

12. J.-Y. Guan, Z. Cao, Y. Liu, G.-L. Shen-Tu, J. S. Pelc, M. Fejer, C.-Z. Peng, X. Ma, Q. Zhang, and J.-W. Pan, “Experimental passive round-robin differential phase-shift quantum key distribution,” Phys. Rev. Lett. 114(18), 180502 (2015). [CrossRef]

13. H. Takesue, T. Sasaki, K. Tamaki, and M. Koashi, “Experimental quantum key distribution without monitoring signal disturbance,” Nat. Photonics 9(12), 827–831 (2015). [CrossRef]

14. S. Wang, Z.-Q. Yin, W. Chen, D.-Y. He, X.-T. Song, H.-W. Li, L.-J. Zhang, Z. Zhou, G.-C. Guo, and Z.-F. Han, “Experimental demonstration of a quantum key distribution without signal disturbance monitoring,” Nat. Photonics 9(12), 832–836 (2015). [CrossRef]

15. Y.-H. Li, Y. Cao, H. Dai, J. Lin, Z. Zhang, W. Chen, Y. Xu, J.-Y. Guan, S.-K. Liao, J. Yin, Q. Zhang, X. Ma, C.-Z. Peng, and J.-W. Pan, “Experimental round-robin differential phase-shift quantum key distribution,” Phys. Rev. A 93(3), 030302 (2016). [CrossRef]

16. F. Bouchard, A. Sit, K. Heshami, R. Fickler, and E. Karimi, “Round-robin differential-phase-shift quantum key distribution with twisted photons,” Phys. Rev. A 98(1), 010301 (2018). [CrossRef]

17. Z.-Q. Yin, S. Wang, W. Chen, Y.-G. Han, R. Wang, G.-C. Guo, and Z.-F. Han, “Improved security bound for the round-robin-differential-phase-shift quantum key distribution,” Nat. Commun. 9(1), 457 (2018). [CrossRef]

18. M. Christandl, R. König, and R. Renner, “Postselection technique for quantum channels with applications to quantum cryptography,” Phys. Rev. Lett. 102(2), 020504 (2009). [CrossRef]

19. M. Tomamichel, C. C. W. Lim, N. Gisin, and R. Renner, “Tight finite-key analysis for quantum cryptography,” Nat. Commun. 3(1), 634 (2012). [CrossRef]

20. M. Curty, F. Xu, W. Cui, C. C. W. Lim, K. Tamaki, and H.-K. Lo, “Finite-key analysis for measurement-device-independent quantum key distribution,” Nat. Commun. 5(1), 3732 (2014). [CrossRef]

21. Y. Wang, W.-S. Bao, C. Zhou, M.-S. Jiang, and H.-W. Li, “Tight finite-key analysis of a practical decoy-state quantum key distribution with unstable sources,” Phys. Rev. A 94(3), 032335 (2016). [CrossRef]

22. C. Zhou, P. Xu, W.-S. Bao, Y. Wang, Y. Zhang, M.-S. Jiang, and H.-W. Li, “Finite-key bound for semi-device-independent quantum key distribution,” Opt. Express 25(15), 16971–16980 (2017). [CrossRef]

23. L. Sheridan, T. P. Le, and V. Scarani, “Finite-key security against coherent attacks in quantum key distribution,” New J. Phys. 12(12), 123019 (2010). [CrossRef]

24. Z. Zhang, X. Yuan, Z. Cao, and X. Ma, “Practical round-robin differential-phase-shift quantum key distribution,” New J. Phys. 19(3), 033013 (2017). [CrossRef]

25. H. Chernoff, “A measure of asymptotic efficiency for tests of a hypothesis based on the sum of observations,” Ann. Math. Statist. 23(4), 493–507 (1952). [CrossRef]

26. J. Müller-Quade and R. Renner, “Composability in quantum cryptography,” New J. Phys. 11(8), 085006 (2009). [CrossRef]

27. R. Canetti, “Universally composable security: A new paradigm for cryptographic protocols,” in Proceedings 42nd IEEE Symposium on Foundations of Computer Science, (IEEE, 2001), pp. 136–145.

28. K. J. Gordon, V. Fernandez, G. S. Buller, I. Rech, S. D. Cova, and P. D. Townsend, “Quantum key distribution system clocked at 2 ghz,” Opt. Express 13(8), 3015–3020 (2005). [CrossRef]

29. R. T. Thew, S. Tanzilli, L. Krainer, S. C. Zeller, A. Rochas, I. Rech, S. Cova, H. Zbinden, and N. Gisin, “Low jitter up-conversion detectors for telecom wavelength ghz qkd,” New J. Phys. 8(3), 32 (2006). [CrossRef]

30. H. Takesue, S. W. Nam, Q. Zhang, R. H. Hadfield, T. Honjo, K. Tamaki, and Y. Yamamoto, “Quantum key distribution over a 40-db channel loss using superconducting single-photon detectors,” Nat. Photonics 1(6), 343–348 (2007). [CrossRef]

31. Z. Yuan, A. Dixon, J. Dynes, A. Sharpe, and A. Shields, “Gigahertz quantum key distribution with ingaas avalanche photodiodes,” Appl. Phys. Lett. 92(20), 201104 (2008). [CrossRef]

32. M. Sasaki, M. Fujiwara, H. Ishizuka, W. Klaus, K. Wakui, M. Takeoka, S. Miki, T. Yamashita, Z. Wang, A. Tanaka, K. Yoshino, Y. Nambu, S. Takahashi, A. Tajima, A. Tomita, T. Domeki, T. Hasegawa, Y. Sakai, H. Kobayashi, T. Asai, K. Shimizu, T. Tokura, T. Tsurumaru, M. Matsui, T. Honjo, K. Tamaki, H. Takesue, Y. Tokura, J. F. Dynes, A. R. Dixon, A. W. Sharpe, Z. L. Yuan, A. J. Shields, S. Uchikoga, M. Legré, S. Robyr, P. Trinkler, L. Monat, J.-B. Page, G. Ribordy, A. Poppe, A. Allacher, O. Maurhart, T. Länger, M. Peev, and A. Zeilinger, “Field test of quantum key distribution in the tokyo qkd network,” Opt. Express 19(11), 10387–10409 (2011). [CrossRef]

33. S. Wang, W. Chen, J.-F. Guo, Z.-Q. Yin, H.-W. Li, Z. Zhou, G.-C. Guo, and Z.-F. Han, “2 ghz clock quantum key distribution over 260 km of standard telecom fiber,” Opt. Lett. 37(6), 1008–1010 (2012). [CrossRef]

34. T. Matsuura, T. Sasaki, and M. Koashi, “Refined security proof of the round-robin differential-phase-shift quantum key distribution and its improved performance in the finite-sized case,” Phys. Rev. A 99(4), 042303 (2019). [CrossRef]

35. M. Koashi, “Simple security proof of quantum key distribution based on complementarity,” New J. Phys. 11(4), 045018 (2009). [CrossRef]

Finite-key analysis for round-robin-differential-phase-shift quantum key distribution

Abstract

Corrections

1. Introduction

2. Finite-key analysis method for RRDPS

3. Simulation

3.1 Mathematical calculation

3.2 Results of simulation

4. Conclusion

Funding

Disclosures

References

Cited By

Figures (3)

Equations (9)

Optics Express