Measurement-device-independent quantum key distribution (MDI-QKD), which is immune to all detector side-channel attacks, is the most promising solution to the security issues in practical quantum key distribution systems. Though several experimental demonstrations of MDI-QKD have been reported, they all make one crucial but not yet verified assumption, that is there are no flaws in state preparation. Such an assumption is unrealistic and security loopholes remain in the source. Here we present, to our knowledge, the first MDI-QKD experiment with the modulation error taken into consideration. By applying a security proof by Tamaki et al (Phys. Rev. A 90, 052314 (2014)), we distribute secure keys over fiber links up to 40 km with imperfect sources, which would not have been possible under previous security proofs. By simultaneously closing loopholes the detectors and a critical loophole -modulation error in the source, our work shows the feasibility of secure QKD with practical imperfect devices.PACS numbers: 03.67. Dd, 03.67.Hk, 42.50.Ex Quantum key distribution (QKD), in principle, offers unconditional security based on the laws of quantum physics rather than computational complexity [1]. However, it has been realized that, due to the gap between the security proof and real-life implementations, practical QKD systems are vulnerable to various attacks [2].Device-independent QKD (DI-QKD) [3], was proposed to remove all assumptions of the internal working of devices of QKD. The security of DI-QKD is based on the loophole-free Bell test. Despite a number of recent experimental demonstrations of loophole-free Bell test [4], DI-QKD is impractical at practical distances (20-30 km of telecom fiber) due to its low key rate of about 10 −10 bit per pulse [5]. Fortunately a protocol, namely the Measurement-Device-Independent QKD (MDI-QKD), whose security is built on the time-reversed entanglement QKD [6] , has been proposed [7] to remove all potential security loopholes in the detection side, the most vulnerable part of a QKD system (See also [8] It is conceivable that MDI-QKD [7] will be widely adopted in the near future. Since MDI-QKD is intrinsically immune to all detector side-channel attacks, eavesdroppers will shift their focus from hacking the detectors to hacking the sources, which are not protected in MDI-QKD. Several theoretical studies on MDI-QKD with imperfect sources have been reported [17].A crucial assumption in discrete-variable MDI-QKD is that the source employed must be trusted. An ideal trusted source need to satisfy two conditions: first, the source only emits single photons; second, information should be encoded without flaws. However, these two conditions cannot be satisfied perfectly with today's technology. First, phase-randomized weak coherent pulses (WCPs) rather than single-photon sources are widely used in most QKD (including BB84 and MDI-QKD) demonstrations. Fortunately, it has been shown that unconditional security can still be achieved with phase-randomized WCPs [18]. Furthermore, the perfo...
