Finite-key security analysis for quantum key distribution with leaky sources

Wang, Weilong; Tamaki, Kiyoshi; Curty, Marcos

doi:10.1088/1367-2630/aad839

Cited by 45 publications

(75 citation statements)

References 39 publications

(134 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Specially, we have simulated the secret key rate under three particular examples of THA, where Eve sends coherent pulses of light to probe the intensity modulators and phase modulators of the legitimate parties. Similar to the analysis presented in [25], we have introduced an additional post-processing step in the actual protocol where Alice and Bob sacrifice part of their data. This step is necessary for the security proof to go through.…”

Section: Conclusion and Discussionmentioning

confidence: 99%

“…Eve's systems [25]. As a result, the parameter D j A j B ,ss Z,nm does not depend on the basis Z nor on the photon number n, m. Therefore, we shall denote it by D j A j B ,ss .…”

Section: Conclusion and Discussionmentioning

confidence: 99%

“…The steps to estimate the phase error rate e U ph are as follows. First, one can redo the analysis above for those "click" events in the relay which are associated with an error (see [24,25]). That is, now we focus on the quantities E error,nm,j A j B |χ which denote the expected number of events when Alice and Bob select the intensity settings γ j A and γ j B to send an n-photon pulse and an m-photon pulse, respectively, and the relay's detectors provide a click corresponding to an error given that both Alice and Bob select the χ basis.…”

Section: The Finite-key Regimementioning

confidence: 99%

“…We further assume that the back-reflected light from the IM has the form β r e iθr , where the values of the parameters β r and θ r depend on Alice's and Bob's intensity settings each given time with r ∈ {s, v, w}, and the back-reflected light from the PM is given by √ I max e iθχ , where I max is the maximum intensity of the back-reflected light and χ ∈ {Z, X} refers to the basis choice. Note that, here for simplicity and in order to compare our simulation results with those in [25], we assume that Eve's back-reflected light from the PM only contains the basis information. That is, we assume that |Ψ i 0,Z A ,E = |Ψ i 0,Z A ⊗ |φ Z E and |Ψ i 1,Z A ,E = |Ψ i 1,Z A ⊗ |φ Z E , where the state |φ Z E =| √ I max e iθ Z of Eve's back-reflected light is the same for both bit values (and similarly for the X basis).…”

Section: Simulation Of the Secret Key Ratementioning

confidence: 99%

“…To be precise, in Refs. [24,25] the authors consider that the phase randomization step is only applied to the back-reflected light from the IM. However, here we consider that this step is applied to the back-reflected light from both the IM and the PM.…”

Section: Casementioning

confidence: 99%

See 4 more Smart Citations

Experimental measurement-device-independent quantum key distribution with imperfect sources

et al. 2016

View full text Add to dashboard Cite

Measurement-device-independent quantum key distribution (MDI-QKD), which is immune to all detector side-channel attacks, is the most promising solution to the security issues in practical quantum key distribution systems. Though several experimental demonstrations of MDI-QKD have been reported, they all make one crucial but not yet verified assumption, that is there are no flaws in state preparation. Such an assumption is unrealistic and security loopholes remain in the source. Here we present, to our knowledge, the first MDI-QKD experiment with the modulation error taken into consideration. By applying a security proof by Tamaki et al (Phys. Rev. A 90, 052314 (2014)), we distribute secure keys over fiber links up to 40 km with imperfect sources, which would not have been possible under previous security proofs. By simultaneously closing loopholes the detectors and a critical loophole -modulation error in the source, our work shows the feasibility of secure QKD with practical imperfect devices.PACS numbers: 03.67. Dd, 03.67.Hk, 42.50.Ex Quantum key distribution (QKD), in principle, offers unconditional security based on the laws of quantum physics rather than computational complexity [1]. However, it has been realized that, due to the gap between the security proof and real-life implementations, practical QKD systems are vulnerable to various attacks [2].Device-independent QKD (DI-QKD) [3], was proposed to remove all assumptions of the internal working of devices of QKD. The security of DI-QKD is based on the loophole-free Bell test. Despite a number of recent experimental demonstrations of loophole-free Bell test [4], DI-QKD is impractical at practical distances (20-30 km of telecom fiber) due to its low key rate of about 10 −10 bit per pulse [5]. Fortunately a protocol, namely the Measurement-Device-Independent QKD (MDI-QKD), whose security is built on the time-reversed entanglement QKD [6] , has been proposed [7] to remove all potential security loopholes in the detection side, the most vulnerable part of a QKD system (See also [8] It is conceivable that MDI-QKD [7] will be widely adopted in the near future. Since MDI-QKD is intrinsically immune to all detector side-channel attacks, eavesdroppers will shift their focus from hacking the detectors to hacking the sources, which are not protected in MDI-QKD. Several theoretical studies on MDI-QKD with imperfect sources have been reported [17].A crucial assumption in discrete-variable MDI-QKD is that the source employed must be trusted. An ideal trusted source need to satisfy two conditions: first, the source only emits single photons; second, information should be encoded without flaws. However, these two conditions cannot be satisfied perfectly with today's technology. First, phase-randomized weak coherent pulses (WCPs) rather than single-photon sources are widely used in most QKD (including BB84 and MDI-QKD) demonstrations. Fortunately, it has been shown that unconditional security can still be achieved with phase-randomized WCPs [18]. Furthermore, the perfo...

show abstract

Section: Conclusion and Discussionmentioning

confidence: 99%

“…Eve's systems [25]. As a result, the parameter D j A j B ,ss Z,nm does not depend on the basis Z nor on the photon number n, m. Therefore, we shall denote it by D j A j B ,ss .…”

Section: Conclusion and Discussionmentioning

confidence: 99%

Section: The Finite-key Regimementioning

confidence: 99%

Section: Simulation Of the Secret Key Ratementioning

confidence: 99%

Section: Casementioning

confidence: 99%

See 3 more Smart Citations