Experimental quantum key distribution with source flaws

Xu, Feihu; Wei, Kejin; Sajeed, Shihan; Kaiser, Sarah; Sun, Shi-Hai; Tang, Zhiyuan; Qian, Li; Makarov, Vadim; Lo, Hoi Kwong

doi:10.1103/physreva.92.032305

Cited by 86 publications

(71 citation statements)

References 66 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…131, where the authors implemented decoy-state QKD with imperfect state preparation and employed tight finite-key security bounds with composable security against coherent attacks. The work in ref.…”

Section: Mdi-qkdmentioning

confidence: 99%

Practical challenges in quantum key distribution

Diamanti¹,

Lo²,

Qi³

et al. 2016

npj Quantum Inf

Self Cite

626

468

View full text Add to dashboard Cite

Quantum key distribution (QKD) promises unconditional security in data communication and is currently being deployed in commercial applications. Nonetheless, before QKD can be widely adopted, it faces a number of important challenges such as secret key rate, distance, size, cost and practical security. Here, we survey those key challenges and the approaches that are currently being taken to address them. For thousands of years, human beings have been using codes to keep secrets. With the rise of the Internet and recent trends to the Internet of Things, our sensitive personal financial and health data as well as commercial and national secrets are routinely being transmitted through the Internet. In this context, communication security is of utmost importance. In conventional symmetric cryptographic algorithms, communication security relies solely on the secrecy of an encryption key. If two users, Alice and Bob, share a long random string of secret bits-the key-then they can achieve unconditional security by encrypting their message using the standard one-time-pad encryption scheme. The central question then is: how do Alice and Bob share a secure key in the first place? This is called the key distribution problem. Unfortunately, all classical methods to distribute a secure key are fundamentally insecure because in classical physics there is nothing preventing an eavesdropper, Eve, from copying the key during its transit from Alice to Bob. On the other hand, standard asymmetric or public-key cryptography solves the key distribution problem by relying on computational assumptions such as the hardness of factoring. Therefore, such schemes do not provide information-theoretic security because they are vulnerable to future advances in hardware and algorithms, including the construction of a large-scale quantum computer.

show abstract

Section: Mdi-qkdmentioning

confidence: 99%

Practical challenges in quantum key distribution

Diamanti¹,

Lo²,

Qi³

et al. 2016

npj Quantum Inf

Self Cite

626

468

View full text Add to dashboard Cite

show abstract

“…Indeed, as already shown in MDI-QKD [29,[38][39][40], if Alice and Bob use the same intensity settings, they might be in a situation where it is convenient for them to symmetrize the channels losses by increasing the loss in one of the channels, in order to enhance the key rate. In doing so, the intensities of the pulses arriving at the central node are now of similar magnitude, which results in an improvement of the key rate.…”

Section: Symmetric Intensitiesmentioning

confidence: 98%

“…In doing so, the intensities of the pulses arriving at the central node are now of similar magnitude, which results in an improvement of the key rate. However, if they use different intensity settings, that is no longer the case [29,[38][39][40]. The same happens in the TF-QKD scheme introduced in [19].…”

Section: Symmetric Intensitiesmentioning

confidence: 99%

Asymmetric twin-field quantum key distribution

2019

View full text Add to dashboard Cite

Twin-Field (TF) quantum key distribution (QKD) is a major candidate to be the new benchmark for far-distance QKD implementations, since its secret key rate can overcome the repeaterless bound by means of a simple interferometric measurement. Many variants of the original protocol have been recently proven to be secure. Here, we focus on the TF-QKD type protocol proposed by Curty et al (2019 NPJ Quantum Inf. 5 64), which can provide a high secret key rate and whose practical feasibility has been demonstrated in various recent experiments. The security of this protocol relies on the estimation of certain detection probabilities (yields) through the decoy-state technique. Analytical bounds on the relevant yields have been recently derived assuming that both parties use the same set of decoy intensities, thus providing sub-optimal key rates in asymmetric-loss scenarios. Here we derive new analytical bounds when the parties use either two, three or four independent decoy intensity settings each. With the new bounds we optimize the protocol's performance in asymmetric-loss scenarios and show that the protocol is robust against uncorrelated intensity fluctuations affecting the parties' lasers.

show abstract

“…There are finitely many such histories, and each of them as a probability associated with it. This can be expressed more formally in the language of discrete probability theory 13 by saying that Ω forms the sample space of a discrete probability space ( ) W P , , on which a probability mass function P is defined such that ( ) w P is the probability of a history ω. Note that by choosing W = W ¼Q AB , we also include impossible combinations of a b , , K, J.…”

Section: Appendix C Sampling and Abort Probability Calculation For Lmentioning

confidence: 99%

“…The framework used in the aforementioned works, relying on some fairly technical results 5 , represents the current state-of-the-art in the level of mathematical rigor for QKD security proofs. These theoretical advances have led to experimental implementations [12][13][14] with finite-key analysis.…”

Section: Introductionmentioning

confidence: 99%

Sifting attacks in finite-size quantum key distribution

et al. 2016

View full text Add to dashboard Cite

A central assumption in quantum key distribution (QKD) is that Eve has no knowledge about which rounds will be used for parameter estimation or key distillation. Here we show that this assumption is violated for iterative sifting, a sifting procedure that has been employed in some (but not all) of the recently suggested QKD protocols in order to increase their efficiency. We show that iterative sifting leads to two security issues: (1) some rounds are more likely to be key rounds than others, (2) the public communication of past measurement choices changes this bias round by round. We analyze these two previously unnoticed problems, present eavesdropping strategies that exploit them, and find that the two problems are independent. We discuss some sifting protocols in the literature that are immune to these problems. While some of these would be inefficient replacements for iterative sifting, we find that the sifting subroutine of an asymptotically secure protocol suggested by Lo et al (2005 J. Cryptol.18 133-65), which we call LCA sifting, has an efficiency on par with that of iterative sifting. One of our main results is to show that LCA sifting can be adapted to achieve secure sifting in the finitekey regime. More precisely, we combine LCA sifting with a certain parameter estimation protocol, and we prove the finite-key security of this combination. Hence we propose that LCA sifting should replace iterative sifting in future QKD implementations. More generally, we present two formal criteria for a sifting protocol that guarantee its finite-key security. Our criteria may guide the design of future protocols and inspire a more rigorous QKD analysis, which has neglected sifting-related attacks so far.Here, equation (1) expresses the absence of non-uniform sampling, i.e., that the probability ( ) J Q P for a partitioning J of the total rounds into sample rounds and KG rounds is independent of J. Equation (2) expresses the absence of basis information leak, which is formally expressed by stating that the classical communication Q l associated with the sifting process is uncorrelated (i.e., in a tensor product state) with Alice's and Bob's quantum systems A B l l . (The precise details of these two equations will be explained in section 6.) We find that the two problems are in fact independent. Hence, security from one of the two problems does not imply security from the other. The two formal criteria can be used to check whether a candidate protocol is subject to the two problems or not. New J. Phys. 18 (2016) 053001 C Pfister et al 1 2 instead of ( ) ( ) J J J J = ¼ = , , , New J. Phys. 18 (2016) 053001 C Pfister et al 2 1 . 1 6 z z z z z ( ) å å J J = ¢ ¢ J J ¢ ÎW ¢Q ¢ ÎW ¢Q s s P z z P z z , , , , , E 2 1 z z ZZ z z ZZ , , , , j tot tot where {( ) | ( ) ( ) } ( ) J J J

show abstract

Experimental quantum key distribution with source flaws

Cited by 86 publications

References 66 publications

Practical challenges in quantum key distribution

Practical challenges in quantum key distribution

Asymmetric twin-field quantum key distribution

Sifting attacks in finite-size quantum key distribution

Contact Info

Product

Resources

About