This paper was converted on www.awesomepapers.org from LaTeX by an anonymous user.
Want to know more? Visit the Converter page.

A Novel Approach to Reducing Information Leakage for Quantum Key Distribution

Hao-Kun Mao    \authormark1,6 Qiang Zhao    \authormark2,6 Yu-Cheng Qiao    \authormark3 Bing-Ze Yan    \authormark1 Bing-Jie Xu    \authormark4 Ahmed A. Abd EL-Latif    \authormark5,1 Qiong Li    \authormark1 \authormark1 Department of Computer Science and Technology, Harbin Institute of Technology, Harbin 150080, China
\authormark2 College of software engineering, ZhengZhou University of Light Industry, ZhengZhou 450053, China
\authormark3 Guangxi Key Lab Cryptography & Information Security, Guilin University of Electronic Technology, Guilin 541004, Guangxi, China
\authormark4 Science and Technology on Security Communication Laboratory, Institute of Southwestern Communication, Chengdu, 610041, China
\authormark5 Department of Mathematics and Computer Science, Faculty of Science, Menoufia University, Shebin El-Koom, Egypt
\authormark6 These authors contribute equally to this work
\authormark*qiongli@hit.edu.cn
Abstract

Quantum key distribution (QKD) is an important branch of quantum information science as it holds promise for unconditionally secure communication. For QKD research, a central issue is to improve the final secure key rate (SKR) and the maximal transmission distance. To address this issue, most works focused on reducing the information leakage of QKD. In this paper, we propose a novel approach to further reduce the information leakage by specially considering the overlap between the information leakage of quantum part and post-processing part. The overlap means that the information leakage of post-processing part caused solely by multi-photon pulses is considered twice in previous studies, i.e., both in quantum part and post-processing part. Since the information carried by multi-photon pulses has been considered as completely known by Eve through the photon-number-splitting attack in quantum part, there is no need to consider it in post-processing part repetitively during the SKR calculation. Therefore, our approach can theoretically reduce the information leakage of a QKD protocol. Based on this idea, we derive the formulas to calculate the amount of information leakage for decoy-BB84 and sending-or-not-sending twin-field protocols. Simulation results for these two typical protocols also demonstrate that our approach evidently improves the SKR as well as the maximal transmission distance under practical experimental parameters.

journal: oearticletype: Research Article

1 Introduction

Quantum key distribution (QKD) constitutes a promising solution for distributing unconditionally secure keys between two remote parties, such as Alice and Bob, in the presence of an eavesdropper, usually called Eve. Since the first QKD protocol, commonly known as the BB84 protocol, was proposed in 1984[1], security analysis has been the focus of QKD studies. Though the ideal BB84 protocol has been proven to be unconditionally secure[2], imperfect practical devices might still introduce security vulnerabilities, threatening the security of a practical QKD system. For instance, through the photon-number-splitting (PNS) attack [3, 4, 5] against the imperfect photon sources, Eve was capable of obtaining the complete information of each multi-photon pulse without causing any change in the quantum bit error rate (QBER). To address this challenge, Gottesman-Lo-Lutkenhaus-Preskill (GLLP) [6] proved the unconditional security of a practical QKD system with imperfect devices. In the GLLP theory, each pulse can be represented as a mixed state of Fock states after phase randomization and the pulses can be classified based on the photon number. The information of all multi-photon pulses is assumed to be completely obtained by Eve, and the secure keys are solely generated from vacuum and single-photon pulses. Based on the GLLP theory, the secure key rate (SKR) of some discrete-variable (DV) QKD protocol, such as decoy-BB84 [7, 8, 9] and sending-or-not-sending twin-field (SNS-TF)[10, 11, 12], can be calculated. In this paper, we point out that there is still possible to improve the SKR via estimating the information leakage during the information reconciliation (IR) more accurately.

Assume that the random variables AA and BB represent the sequences of Alice and Bob to be reconciled of length NN, respectively. According to the noiseless coding theorem [20], the lower bound of the exchanged information LallL_{all} for reliable IR can be calculated by the conditional entropy H(A|B)H(A|B). In a DV-QKD system, H(A|B)H(A|B) can be written as Nh(e)Nh(e) [21], where h(e)=elog2(e)(1e)log2(1e)h(e)=-e{\log_{2}}(e)-(1-e){\log_{2}}(1-e) and ee is referred to as QBER. For a practical implementation of IR, LallL_{all} is usually higher than Nh(e)Nh(e). To this end, the IR efficiency f=Lall/Nh(e)f={L_{all}}/Nh(e) is introduced, while a smaller ff implies a better IR, and f=1f=1 represents the perfect IR [21, 22]. The commonly used IR protocols in DV-QKD systems can be generally divided into two categories [23]: interactive and non-interactive. As the most widely used interactive IR protocol, Cascade [21] detects and corrects errors by comparing the parity bits and performing binary search operations, respectively. The IR efficiency of Cascade is capable of approaching 1.02 [24], but its high communication overhead potentially limits its practical application in QKD systems. Accordingly, the non-interactive IR protocols, based on low-density-parity-check (LDPC) [23, 25] or polar codes [26, 27], were proposed. For practical implementations of non-interactive protocols, the efficiencies typically range from 1.1 to 1.2 [23]. In previous literatures about IR, all the exchanged information LallL_{all} was considered as leaked information and subtracted directly from candidate secure keys during the SKR calculation.

However, we find out that only one part of LallL_{all} needs to be subtracted during the SKR calculation. We notice that all the information of multi-photon pulses is assumed to be completely known by Eve through the PNS attack before IR. Thus, the exchanged information of IR caused solely by multi-photon pulses LML_{M} has also been known by Eve before IR and unable to provide any extra information for Eve after IR. Since the information of multi-photon pulses has been subtracted when analyzing the quantum part during the SKR calculation, LML_{M} is unnecessary to be subtracted again when analyzing the information leakage of IR of post-processing part. Following this idea, the SKR can be improved theoretically via avoiding the repetitive subtraction of LML_{M} during the SKR calculation.

The rest of this paper is organized as follows. Sec. 2 presents the main idea of our approach. In Sec. 3, the information leakage of two typical QKD protocols are analyzed. The performances of our approach are reported and analyzed through numerical simulations in Sec. 4. Some conclusions are drawn in the last Section.

2 The main idea of our approach

In this section, we take the Cascade IR protocol as an example to further elaborate on the main idea of our approach. As illustrated in Fig. 1, the key sequences of Alice and Bob are first randomly shuffled and divided into two blocks of length 88. Then, the parities of “Block 1” and “Block 2” of both parties are exchanged and compared simultaneously.

Refer to caption
Figure 1: A schematic workflow of Cascade protocol. The keys that are inconsistent in two parties and generated from multi-photon pulses are filled with orange and blue, respectively. All the blocks (sub-blocks) generated during the error correction process are numbered in green, and pAip_{A}^{i}, pBip_{B}^{i} represent the parity (i.e., the sum modulo 2 of all bits) of the ith block belonging to Alice and Bob, respectively.

For "Block 1" with pA1pB1p_{A}^{1}\neq p_{B}^{1}, a binary searching (i.e., recursively splitting a bit sequence into two halves and check the parities of the first halves of both parties) is performed to correct one error. Note that there is no need to exchange the parity of the second half since it can be easily deduced. For example, pA3p_{A}^{3} can be calculated by pA1pA2p_{A}^{1}\oplus p_{A}^{2}. After four rounds of communications, the error is eventually found in sub-block 7. Through the exchanged parities, Eve can gain some information about the key sequences. For instance, the number of possible combinations of Alice’s sub-sequence in sub-block 2 decreases from 16 to 8 with the help of pA2=1p_{A}^{2}=1. Overall, Eve obtains 1-bit information from each sub-block boxed in red and the total exchanged information of "Block 1" is 4-bit. However, when considering the overlap between the information leakage of quantum part and post-processing part, the effective amount of information LvL_{v} obtained by Eve from IR is not equal to 4-bit. Let us suppose that there is a special sub-block 5 consisting two bits generated from multi-photon pulses. Before IR, Eve can obtain all the information of these two bits through the PNS attack. Though the parity of this sub-block is leaked to Eve during IR, Eve cannot acquire any extra useful information from the parity. In other words, the parity information has been known by Eve even if the parity is not exchanged. As a result, only the parity information obtained from the sub-block 2, 6, 7 are useful for Eve. Thus, LvL_{v} equals to 3-bit, even though 4-bit information has been exchanged during IR.

Since pA8=pB8p_{A}^{8}=p_{B}^{8}, we do not deal with “Block 2” at this moment, even if this block still contains an even number of errors which cannot be detected or corrected until the subsequent processing. After several iterative passes of error correction (i.e. restarting shuffling and binary searching in each pass), the probability of correcting all errors is rather high, signifying a successful error correction. In addition, Cascade involves backtracking operations to benefit the binary searching, thereby reducing the information leakage.

The above analysis suggests that the information leakage of a sub-block which solely contains bits generated from multi-photon pulses is not effective for Eve. Furthermore, the amount of effective information leakage LvL_{v} to Eve can be obtained by estimating the number of such blocks, i.e., Lv=LallLML_{v}=L_{all}-L_{M}.

3 Information leakage analysis for two typical QKD protocols

Owing to the symmetry of DV-QKD protocols, without loss of generality, we only focus on the Alice’s sequence AA. Let A0A_{0}, A1A_{1}, AMA_{M} represent the set of bits generated from the vacuum, single-photon and multi-photon pulses, respectively, s.t. A=A0A1AMA={A_{0}}\cup{A_{1}}\cup{A_{M}}. No matter which IR protocol is applied, a collection of blocks C={c|cA}C=\{c|c\subset A\} will be generated after IR, and each block c(cCc\in C) is also a set containing several bits from AA. Considering that each block cc is regarded to leak 1-bit information and some blocks from CC may be linearly correlated [24], the original information leakage Lall|C|L_{all}\leq\left|C\right|. Let CM={c|(cC)(cAM)}{C_{M}}=\{c|(\forall c\in{C})\wedge(c\subset{A_{M}})\}, we have Lv=LallLM|C||CM|{L_{v}}={L_{all}}-{L_{M}}\leq\left|{C}\right|-\left|{{C_{M}}}\right|.

Let DD represent the set of block lengths after IR (e.g. D={8,4,2,1}D=\left\{{8,4,2,1}\right\} in the case shown in Fig. 1) and the sets Cl,CMl(lD)C^{l},C_{M}^{l}(l\in D) satisfy Cl={c|(cC)(|c|=l)}{C^{l}}=\{c|(\forall c\in C)\wedge(\left|c\right|=l)\}, CMl={c|(cCM)(|c|=l)}C_{M}^{l}=\{c|(\forall c\in{C_{M}})\wedge(\left|c\right|=l)\}. Known that the sequences are shuffled before each pass and the bits are then uniformly distributed in the sequences, we have

Lv|C||CM|=lD|Cl|lD|CMl|=lD|Cl|[1(ΔM)l]lD|Cl|[min(1(ΔMinf)l,1)],\begin{split}{L_{v}}&\leq\left|{C}\right|-\left|{{C_{M}}}\right|\\ &=\sum\limits_{l\in D}{\left|{{C^{l}}}\right|}-\sum\limits_{l\in D}{\left|{C_{M}^{l}}\right|}\\ &=\sum\limits_{l\in D}{\left|{{C^{l}}}\right|\left[{1-{{\left({\Delta_{M}}\right)}^{l}}}\right]}\\ &\leq\sum\limits_{l\in D}{\left|{{C^{l}}}\right|\left[{\min\left({1-{{\left(\Delta_{M}^{\inf}\right)}^{l}},1}\right)}\right]},\\ \end{split} (1)

where ΔM\Delta_{M} represents the proportion of the count rate of the multi-photon pulses to that of the signal pulses.

Let RR represents the SKR per pulse in a practical DV-QKD system and qq is the sifting efficiency, we eventually get the formula for calculating the improved RR as

R=qQμmax{Δ1inf[1h(e1sup)]+Δ0inflD(|Cl|/N)[min(1(ΔMinf)l,1)],0}.R=q{Q_{\mu}}\max\left\{{\Delta_{1}^{\inf}\left[{1-h(e_{1}^{\sup})}\right]+\Delta_{0}^{\inf}-\sum\limits_{l\in D}{\left({\left|{{C^{l}}}\right|/N}\right)\left[{\min\left({1-{{\left(\Delta_{M}^{\inf}\right)}^{l}},1}\right)}\right]},0}\right\}. (2)

We can see from Eq. (1) that the critical parameter is ΔMinf\Delta_{M}^{\inf}. For this reason, we deduce the methods of calculating ΔMinf\Delta_{M}^{\inf} for two typical DV-QKD protocols based on the GLLP theory, that is, decoy-BB84 and SNS-TF protocols. Note that for some modified TF-type protocols, such as no-phase-postselection protocol [28], phase-matching protocol [29], etc., our new approach cannot be directly applied, as the signals can not be directly classified based on the number of photons in these protocols. For these protocols, additional analysis and proofs based on our main idea may be required.

3.1 For decoy-BB84 protocol

Known that ΔMinf=1Δ0supΔ1sup\Delta_{M}^{\inf}=1-\Delta_{0}^{\sup}-\Delta_{1}^{\sup} in a decoy-BB84 protocol, we just need to focus on the calculation of Δ0sup\Delta_{0}^{\sup} and Δ1sup\Delta_{1}^{\sup}. By using the decoy-state method, we have

Qk=i=0Yikii!ek,k{μ,ν1,ν2}{Q_{k}}=\sum\limits_{i=0}^{\infty}{{Y_{i}}}\frac{{k^{i}}}{{i!}}{e^{-k}},k\in\{\mu,\nu_{1},\nu_{2}\}\\ (3)

where QiQ_{i} represents the count rate of the pulse whose photon number is i(i=0,1,2,,n)i(i=0,1,2,...,n) and the ratio Δi=Qi/Qμ{\Delta_{i}}={Q_{i}}/{Q_{\mu}}.

Based on Eq. (3), we have

Qν1eν1Qν2eν2=Y1(ν1ν2)+i=2Yii!(ν1iν2i)Y1(ν1ν2).{Q_{{\nu_{1}}}}{e^{{\nu_{1}}}}-{Q_{{\nu_{2}}}}{e^{{\nu_{2}}}}={Y_{1}}({\nu_{1}}-{\nu_{2}})+\sum\limits_{i=2}^{\infty}{\frac{{{Y_{i}}}}{{i!}}(\nu_{1}^{i}}-\nu_{2}^{i})\geq{Y_{1}}({\nu_{1}}-{\nu_{2}}). (4)

Then the upper bounds of Y1Y_{1} and Δ1{\Delta_{1}} can be obtained as follow:

Y1Qv1eν1Qν2eν2ν1ν2,Δ1=Q1Qμ=Y1μeμQμ(Qν1eν1Qν2eν2)μeμ(ν1ν2)Qμ.\begin{split}{Y_{1}}&\leq\frac{{{Q_{{v_{1}}}}{e^{{\nu_{1}}}}-{Q_{{\nu_{2}}}}{e^{{\nu_{2}}}}}}{{{\nu_{1}}-{\nu_{2}}}},\\ {\Delta_{1}}&=\frac{{{Q_{1}}}}{{{Q_{\mu}}}}=\frac{{{Y_{1}}\mu{e^{-\mu}}}}{{{Q_{\mu}}}}\leq\frac{{({Q_{{\nu_{1}}}}{e^{{\nu_{1}}}}-{Q_{{\nu_{2}}}}{e^{{\nu_{2}}}})\mu{e^{-\mu}}}}{{({\nu_{1}}-{\nu_{2}}){Q_{\mu}}}}.\\ \end{split} (5)

For Y0Y_{0} and Δ0{\Delta_{0}}, according to Eq. (3), we have

Qν2eν2=Y0+Y1ν2+i=2Yiν2ii!Y0+Y1ν2,{Q_{{\nu_{2}}}}{e^{{\nu_{2}}}}={Y_{0}}+{Y_{1}}{\nu_{2}}+\sum\limits_{i=2}^{\infty}{{Y_{i}}}\frac{{\nu_{2}^{i}}}{{i!}}\geq{Y_{0}}+{Y_{1}}{\nu_{2}}, (6)

thus the upper bounds of Y0Y_{0} and Δ0{\Delta_{0}} can be obtained as

Y0Qν2eν2Y1ν2Qν2eν2Y1infν2,Δ0=Q0Qμ=Y0eμQμ(Qν2eν2Y1infν2)eμQμ.\begin{split}{Y_{0}}&\leq{Q_{{\nu_{2}}}}{e^{{\nu_{2}}}}-{Y_{1}}{\nu_{2}}\leq{Q_{{\nu_{2}}}}{e^{{\nu_{2}}}}-Y_{1}^{\inf}{\nu_{2}},\\ {\Delta_{0}}&=\frac{{{Q_{0}}}}{{{Q_{\mu}}}}=\frac{{{Y_{0}}{e^{-\mu}}}}{{{Q_{\mu}}}}\leq\frac{{({Q_{{\nu_{2}}}}{e^{{\nu_{2}}}}-Y_{1}^{\inf}{\nu_{2}}){e^{-\mu}}}}{{{Q_{\mu}}}}.\\ \end{split} (7)

Based on Ref. [13], the estimated formula of Y1infY_{1}^{\inf} and Y0infY_{0}^{\inf} are given as follows.

Y1inf=μμv1μv2v12+v22(Qv1ev1Qv2ev2v12v22μ2(QμeμY0inf))Y0inf=max{v1Qv2ev2v2Qv1ev1v1v2,0}\begin{split}Y_{1}^{\inf}&=\frac{\mu}{{\mu{v_{1}}-\mu{v_{2}}-v_{1}^{2}+v_{2}^{2}}}\left({{Q_{{v_{1}}}}{e^{{v_{1}}}}-{Q_{{v_{2}}}}{e^{{v_{2}}}}-\frac{{v_{1}^{2}-v_{2}^{2}}}{{{\mu^{2}}}}\left({{Q_{\mu}}{e^{\mu}}-Y_{0}^{\inf}}\right)}\right)\\ Y_{0}^{\inf}&=\max\left\{{\frac{{{v_{1}}{Q_{{v_{2}}}}{e^{{v_{2}}}}-{v_{2}}{Q_{{v_{1}}}}{e^{{v_{1}}}}}}{{{v_{1}}-{v_{2}}}},0}\right\}\\ \end{split} (8)

According to Eq. (5), (7), and (8), we can calculate the value of ΔMinf\Delta_{M}^{\inf}, thus an optimized SKR can be generated for the decoy-BB84 protocol.

3.2 For SNS-TF protocol

The original formula for calculating SKR in an SNS-TF protocol was given in Ref. [11]:

R=PAZPBZ{[εA(1εB)μAeμA+εB(1εA)μBeμB]s1z[1h(e1ph)]szfh(Ez)},R=P_{A}^{Z}P_{B}^{Z}\left\{{\left[{{\varepsilon_{A}}\left({1-{\varepsilon_{B}}}\right){\mu_{A}}{e^{-{\mu_{A}}}}+{\varepsilon_{B}}\left({1-{\varepsilon_{A}}}\right){\mu_{B}}{e^{-{\mu_{B}}}}}\right]s_{1}^{z}\left[{1-h\left({e_{1}^{ph}}\right)}\right]-{s_{z}}{f}h\left({{E_{z}}}\right)}\right\}, (9)

where the meanings of PAZP_{A}^{Z}, PBZP_{B}^{Z}, εA\varepsilon_{A}, μA\mu_{A}, εB\varepsilon_{B}, μB\mu_{B} are given in Table 2, s1zs_{1}^{z}, e1phe_{1}^{ph} refer to the count rate and phase-error-rate in Z window respectively, szs_{z}, EzE_{z} refer to the total count rate and bit-error-rate in Z windows respectively. By using our new approach, we convert Eq. (9) to

R=PAZPBZ{[εA(1εB)μAeμA+εB(1εA)μBeμB]s1z[1h(e1ph)]L}.R=P_{A}^{Z}P_{B}^{Z}\left\{{\left[{{\varepsilon_{A}}\left({1-{\varepsilon_{B}}}\right){\mu_{A}}{e^{-{\mu_{A}}}}+{\varepsilon_{B}}\left({1-{\varepsilon_{A}}}\right){\mu_{B}}{e^{-{\mu_{B}}}}}\right]s_{1}^{z}\left[{1-h\left({e_{1}^{ph}}\right)}\right]-L}\right\}. (10)

Note that only pulses with single-photon from Z windows can generate secure keys. Assuming ΔM{\Delta_{M}} to be the count rate of multi-photon pulses in Z windows, we have

ΔM=1P1s1ZP0s0Z,{\Delta_{M}}=1-{P_{1}}s_{1}^{Z}-{P_{0}}s_{0}^{Z}, (11)

where s0Zs_{0}^{Z} is the count rate of vacuum pulse in Z windows and P0P_{0}, P1P_{1} are the probability of the photon number equaling 0 or 1, respectively. By analyzing the different conditions of choosing sending or not-sending for Alice and Bob, we have

P0=εA(1εB)eμA+εB(1εA)eμB+εAεBe(μA+μB)+(1εA)(1εB),P1=εA(1εB)μAeμA+εB(1εA)μBeμB+εAεB(μA+μB)e(μA+μB).\begin{split}{P_{0}}&={\varepsilon_{A}}\left({1-{\varepsilon_{B}}}\right){e^{-{\mu_{A}}}}+{\varepsilon_{B}}\left({1-{\varepsilon_{A}}}\right){e^{-{\mu_{B}}}}+{\varepsilon_{A}}{\varepsilon_{B}}{e^{-\left({{\mu_{A}}+{\mu_{B}}}\right)}}+\left({1-{\varepsilon_{A}}}\right)\left({1-{\varepsilon_{B}}}\right),\\ {P_{1}}&={\varepsilon_{A}}\left({1-{\varepsilon_{B}}}\right){\mu_{A}}{e^{-{\mu_{A}}}}+{\varepsilon_{B}}\left({1-{\varepsilon_{A}}}\right){\mu_{B}}{e^{-{\mu_{B}}}}+{\varepsilon_{A}}{\varepsilon_{B}}\left({{\mu_{A}}+{\mu_{B}}}\right){e^{-\left({{\mu_{A}}+{\mu_{B}}}\right)}}.\\ \end{split} (12)

We then analyze s0Zs_{0}^{Z} and s1Zs_{1}^{Z}. The parameter s0Zs_{0}^{Z} can be directly obtained from S00{S_{00}}, which is the count rate of vacuum pulses in X windows:

s0Z=S00.s_{0}^{Z}={S_{00}}. (13)

For s1Zs_{1}^{Z}, its lower bound has been given in Ref. [11], which can give us a revelation to estimate its upper bound:

s1Z=μA1μA1+μB1s10z+μB1μA1+μB1s01z,s_{1}^{Z}=\frac{{{\mu_{A1}}}}{{{\mu_{A1}}+{\mu_{B1}}}}s_{10}^{z}+\frac{{{\mu_{B1}}}}{{{\mu_{A1}}+{\mu_{B1}}}}s_{01}^{z}, (14)

where:

s10ZeμA2S20eμA1S10μA2μA1,s01ZeμB2S02eμB1S01μB2μB1,s_{10}^{Z}\leq\frac{{{e^{{\mu_{A2}}}}{S_{20}}-{e^{{\mu_{A1}}}}{S_{10}}}}{{{\mu_{A2}}-{\mu_{A1}}}},{\rm{}}s_{01}^{Z}\leq\frac{{{e^{{\mu_{B2}}}}{S_{02}}-{e^{{\mu_{B1}}}}{S_{01}}}}{{{\mu_{B2}}-{\mu_{B1}}}}, (15)

where the meanings of all the above parameters are given in Ref. [11]. By substituting Eq. (12),(13), and (14) into Eq. (11), we finally get the formula of ΔMinf\Delta_{M}^{\inf} for the SNS-TF protocol.

4 Simulations and Discussions

We evaluate the performance improvement of our new approach over the original GLLP formula through simulations under practical experimental parameters. The key simulation parameters of the decoy-BB84 [30] and SNS-TF protocols [31] are detailed in Table 1 and 2, respectively.

In addition, we can clearly see from Eq. (1) that the smaller ll is, the better our approach performs. However, in a commonly used non-interactive IR protocol, a larger ll is usually applied to achieve a higher ff. Therefore, we consider that the non-interactive IR protocols cannot gain obvious SKR improvement from our approach. In contrast, a collection of blocks with different block lengths whose value can be as low as 1, will be obtained after Cascade. We thus conclude that a greater SKR improvement can be obtained when using Cascade. Therefore, we apply Cascade as the IR protocol in our simulations and its IR efficiency ff is set to the optimal value 1.

Table 1: Key simulation parameters for the decoy-BB84 protocol. μ\mu, ν1\nu_{1}, ν2\nu_{2}: average photon number for signal, decoy and vacuum pulses; qq: sifting efficiency; α\alpha: the channel loss; dd: the dark count rate of the detector; ηd\eta_{d}: detection efficiency of the detector; edete_{det}: systematic errors.
μ\mu ν1\nu_{1} ν2\nu_{2} qq α\alpha dd ηd\eta_{d} edete_{det}
0.4 0.1 0.0007 0.9 0.20 dB/km 10510^{-5} 20% 0.033
Table 2: Key simulation parameters for the SNS-TF protocol. PAZP_{A}^{Z}, PBZP_{B}^{Z}: the probability of choosing the ZZ window by Alice and Bob; εA\varepsilon_{A}, εB\varepsilon_{B}, μA\mu_{A}, μB\mu_{B}: the probability of choosing the Sending mode in ZZ windows and the corresponding average photon number of each sending pulse by Alice and Bob; ede_{d}: the misalignment error in the X window; The definitions of α\alpha, dd, ηd\eta_{d}, edete_{det} are same as in Table 1.
PAZP_{A}^{Z} PBZP_{B}^{Z} εA\varepsilon_{A} εB\varepsilon_{B} μA\mu_{A} μB\mu_{B} ede_{d} α\alpha dd ηd\eta_{d} edete_{det}
0.7 0.8 0.022 0.48 0.042 0.425 5% 0.20 dB/km 101010^{-10} 50% 0.033

We show the numerical results for decoy-BB84 protocol and SNS-TF protocol in Fig. 2 and Fig. 3. Simulation results show that our approach can not only improve the SKR at any distance, but also increase the maximal transmission distances of two protocols by 5km and 20km, respectively. We note that the SKR improvement of our approach does not depend on the performance boost of optical devices, but rather comes from the more accurate estimation of the information leakage of IR.

Refer to caption
Figure 2: SKR per pulse vs. transmission distance with our improved and the original approach for a decoy-BB84 protocol [30].
Refer to caption
Figure 3: SKR per pulse vs. transmission distance with our improved and the original approach for a SNS-TF protocol [11].

Though our approach can significantly improve the SKR at any distance, Eq. (2) needs further modification when our formula is expanded to the finite-size regime. Since the information leakage of our new approach is affected by finite-size effects, additional analysis may be needed. In addition, based on different protocols, related parameters can be optimized to obtain a better ΔMinf\Delta_{M}^{\inf}, thus improving SKR.

5 Conclusions

In this study, we propose a novel approach to reduce the information leakage of IR by specially considering the overlap between the information leakage of quantum part and the post-processing part. Benefiting from avoiding the repetitive subtraction of information leakage caused by multi-photon pulses during IR, our approach theoretically improves the SKR of a QKD protocol. Simulation results for decoy-BB84 and SNS-TF protocols show that our approach is capable of improving both the SKRs at any distance and the maximal transmission distance. Note that our approach can be applied to all DV-QKD protocols based on the GLLP theory.

Besides, we consider that the main idea of our approach may have implications for continuous-variable (CV) QKD protocols as well. Our main idea implies that the quantum and classical signal processing are not completely independent. Thus, when estimating the leaked information through the classical channel, whether it overlaps with the information leaked in the quantum part also needs to be considered. The above analyses bring us an implication for CV-QKD system, that is, a better SKR can be calculated for a CV-QKD system if there exist similar situations in this system.

6 Backmatter

\bmsection

Funding

\bmsection

Acknowledgments This work is supported by the National Natural Science Foundation of China (Grant Number: 62071151, 61301099). Special thanks goes to Dr. Xuan Wen for the helpful discussions.

\bmsection

Disclosures The authors declare no conflicts of interest.

\bmsection

Data Availability Statement Data underlying the results presented in this paper are not publicly available at this time but may be obtained from the authors upon reasonable request.

7 References

References

  • [1] C. H. Bennett and G. Brassard, “Quantum cryptography: Public key distribution and con tos5,” in Proceedings of the International Conference on Computers, Systems and Signal Processing, (1984), pp. 175–179.
  • [2] P. W. Shor and J. Preskill, “Simple proof of security of the bb84 quantum key distribution protocol,” \JournalTitlePhysical review letters 85, 441 (2000).
  • [3] N. Lütkenhaus, “Security against individual attacks for realistic quantum key distribution,” \JournalTitlePhysical Review A 61, 052304 (2000).
  • [4] G. Brassard, N. Lütkenhaus, T. Mor, and B. C. Sanders, “Security aspects of practical quantum cryptography,” in International conference on the theory and applications of cryptographic techniques, (Springer, 2000), pp. 289–299.
  • [5] N. Lütkenhaus and M. Jahma, “Quantum key distribution with realistic states: photon-number statistics in the photon-number splitting attack,” \JournalTitleNew Journal of Physics 4, 44 (2002).
  • [6] D. Gottesman, H.-K. Lo, N. Lutkenhaus, and J. Preskill, “Security of quantum key distribution with imperfect devices,” in International Symposium onInformation Theory, 2004. ISIT 2004. Proceedings., (IEEE, 2004), p. 136.
  • [7] H.-K. Lo, X. Ma, and K. Chen, “Decoy state quantum key distribution,” \JournalTitlePhysical review letters 94, 230504 (2005).
  • [8] X.-B. Wang, “Beating the photon-number-splitting attack in practical quantum cryptography,” \JournalTitlePhysical review letters 94, 230503 (2005).
  • [9] X.-B. Wang, “Decoy-state protocol for quantum cryptography with four different intensities of coherent light,” \JournalTitlePhysical Review A 72, 012322 (2005).
  • [10] M. Lucamarini, Z. L. Yuan, J. F. Dynes, and A. J. Shields, “Overcoming the rate–distance limit of quantum key distribution without quantum repeaters,” \JournalTitleNature 557, 400–403 (2018).
  • [11] X.-B. Wang, Z.-W. Yu, and X.-L. Hu, “Twin-field quantum key distribution with large misalignment error,” \JournalTitlePhysical Review A 98, 062323 (2018).
  • [12] S. Wang, D.-Y. He, Z.-Q. Yin, F.-Y. Lu, C.-H. Cui, W. Chen, Z. Zhou, G.-C. Guo, and Z.-F. Han, “Beating the fundamental rate-distance limit in a proof-of-principle quantum key distribution system,” \JournalTitlePhysical Review X 9, 021046 (2019).
  • [13] X. Ma, B. Qi, Y. Zhao, and H.-K. Lo, “Practical decoy state for quantum key distribution,” \JournalTitlePhysical Review A 72, 012326 (2005).
  • [14] M. Tomamichel, C. C. W. Lim, N. Gisin, and R. Renner, “Tight finite-key analysis for quantum cryptography,” \JournalTitleNature communications 3, 1–6 (2012).
  • [15] V. Scarani and R. Renner, “Quantum cryptography with finite resources: Unconditional security bound for discrete-variable protocols with one-way postprocessing,” \JournalTitlePhysical review letters 100, 200501 (2008).
  • [16] Y.-H. Zhou, Z.-W. Yu, and X.-B. Wang, “Making the decoy-state measurement-device-independent quantum key distribution practically useful,” \JournalTitlePhysical Review A 93, 042324 (2016).
  • [17] C. C. W. Lim, M. Curty, N. Walenta, F. Xu, and H. Zbinden, “Concise security bounds for practical decoy-state quantum key distribution,” \JournalTitlePhysical Review A 89, 022307 (2014).
  • [18] D. Rusca, A. Boaron, F. Grünenfelder, A. Martin, and H. Zbinden, “Finite-key analysis for the 1-decoy state qkd protocol,” \JournalTitleApplied Physics Letters 112, 171104 (2018).
  • [19] G.-J. Fan-Yuan, Z.-H. Wang, S. Wang, Z.-Q. Yin, W. Chen, D.-Y. He, G.-C. Guo, and Z.-F. Han, “Optimizing decoy-state protocols for practical quantum key distribution systems,” \JournalTitleAdvanced Quantum Technologies 4, 2000131 (2021).
  • [20] D. Slepian and J. Wolf, “Noiseless coding of correlated information sources,” \JournalTitleIEEE Transactions on information Theory 19, 471–480 (1973).
  • [21] J. Martinez-Mateo, C. Pacher, and M. Peev, “Demystifying the information reconciliation protocol cascade,” \JournalTitleQuantum Information and Computation 15, 0453–0477 (2015).
  • [22] M. Tomamichel, J. Martinez-Mateo, C. Pacher, and D. Elkouss, “Fundamental finite key limits for one-way information reconciliation in quantum key distribution,” \JournalTitleQuantum Information Processing 16, 1–23 (2017).
  • [23] H. Mao, Q. Li, Q. Han, and H. Guo, “High-throughput and low-cost ldpc reconciliation for quantum key distribution,” \JournalTitleQuantum Information Processing 18, 1–14 (2019).
  • [24] C. Pacher, P. Grabenweger, J. Martinez-Mateo, and V. Martin, “An information reconciliation protocol for secret-key agreement with small leakage,” in 2015 IEEE International Symposium on Information Theory (ISIT), (IEEE, 2015), pp. 730–734.
  • [25] E. O. Kiktenko, A. S. Trushechkin, C. C. W. Lim, Y. V. Kurochkin, and A. K. Fedorov, “Symmetric blind information reconciliation for quantum key distribution,” \JournalTitlePhysical Review Applied 8, 044017 (2017).
  • [26] S. Yan, J. Wang, J. Fang, L. Jiang, and X. Wang, “An improved polar codes-based key reconciliation for practical quantum key distribution,” \JournalTitleChinese Journal of Electronics 27, 250–255 (2018).
  • [27] E. O. Kiktenko, A. O. Malyshev, and A. K. Fedorov, “Blind information reconciliation with polar codes for quantum key distribution,” \JournalTitleIEEE Communications Letters (2020).
  • [28] C. Cui, Z.-Q. Yin, R. Wang, W. Chen, S. Wang, G.-C. Guo, and Z.-F. Han, “Twin-field quantum key distribution without phase postselection,” \JournalTitlePhysical Review Applied 11, 034053 (2019).
  • [29] X. Ma, P. Zeng, and H. Zhou, “Phase-matching quantum key distribution,” \JournalTitlePhysical Review X 8, 031043 (2018).
  • [30] Z. Yuan, A. Plews, R. Takahashi, K. Doi, W. Tam, A. Sharpe, A. Dixon, E. Lavelle, J. Dynes, A. Murakami et al., “10-mb/s quantum key distribution,” \JournalTitleJournal of Lightwave Technology 36, 3427–3433 (2018).
  • [31] J.-P. Chen, C. Zhang, Y. Liu, C. Jiang, W. Zhang, X.-L. Hu, J.-Y. Guan, Z.-W. Yu, H. Xu, J. Lin et al., “Sending-or-not-sending with independent lasers: Secure twin-field quantum key distribution over 509 km,” \JournalTitlePhysical review letters 124, 070501 (2020).