We prove the unconditional security of a quantum key distribution protocol in which bit values are encoded in the phase of a weak coherent-state pulse relative to a strong reference pulse. In contrast to implementations in which a weak pulse is used as a substitute for a single-photon source, the achievable key rate is found to decrease only linearly with the transmission of the channel.PACS numbers: 03.67.Dd 03.67.-a Quantum key distribution provides a way to distribute a secret key between two distant parties, Alice and Bob, even if the quantum channel between them suffers from small noises. As long as the law of quantum mechanics is valid, an eavesdropper, Eve, cannot force Alice and Bob to accept a key on which she has a nonnegligible amount of information. A proof of such unconditional security was first provided by Mayers [1] for the BB84 protocol [2], followed by other proofs [3,4,5,6,7,8]. While a perfect single-photon source is assumed in the earlier proofs, recent proofs [5,6] cover the use of a weak laser pulse in a coherent state as a substitute for a single photon. This is good news in the practical point of view, but comes with a price: the multiphoton components of the weak pulse allow Eve a so-called photon-number splitting attack [9,10]. In order to achieve the security under this attack, Alice must lower the amplitude of her weak pulse as the loss in the channel increases. As a result, there is a bound [10] on the achievable key rate which scales as O(η 2 ) with channel transmission η.