
Despite the enormous theoretical and experimental progress made so far in
quantum key distribution (QKD), the security of most existing QKD
implementations is not rigorously established yet. A critical obstacle is that
almost all existing security proofs make ideal assumptions on the QKD devices.
Problematically, such assumptions are hard to satisfy in the experiments, and
therefore it is not obvious how to apply such security proofs to practical QKD
systems. Fortunately, any imperfections and securityloopholes in the
measurement devices can be perfectly closed by measurementdeviceindependent
QKD (MDIQKD), and thus we only need to consider how to secure the source
devices. Among imperfections in the source devices, correlations between the
sending pulses are one of the principal problems. In this paper, we consider a
settingchoiceindependent correlation (SCIC) framework in which the sending
pulses can present arbitrary correlations but they are independent of the
previous setting choices such as the bit, the basis and the intensity settings.
Within the framework of SCIC, we consider the dominant fluctuations of the
sending states, such as the relative phases and the intensities, and provide a
selfcontained information theoretic security proof for the losstolerant QKD
protocol in the finitekey regime. We demonstrate the feasibility of secure
quantum communication within a reasonable number of pulses sent, and thus we
are convinced that our work constitutes a crucial step toward guaranteeing
implementation security of QKD.

Several quantum key distribution (QKD) protocols employ iterative sifting.
After each quantum transmission round, Alice and Bob disclose part of their
setting information (including their basis choices) for the detected signals.
The quantum phase of the protocol then ends when the numbers of detected
signals per basis exceed certain preagreed threshold values. Recently,
however, Pfister et al. [New J. Phys. 18 053001 (2016)] showed that iterative
sifting makes QKD insecure, especially in the finite key regime, if the
parameter estimation for privacy amplification uses the random sampling theory.
This implies that a number of existing finite key security proofs could be
flawed and cannot guarantee security. Here, we solve this serious problem by
showing that the use of Azuma's inequality for parameter estimation makes QKD
with iterative sifting secure again. This means that the existing protocols
whose security proof employs this inequality remain secure even if they employ
iterative sifting. Also, our results highlight a fundamental difference between
the random sampling theorem and Azuma's inequality in proving security.

We show the informationtheoretic security proof of the
differentialphaseshift (DPS) quantum key distribution (QKD) protocol based on
the complementarity approach [arXiv:0704.3661 (2007)]. Our security proof
provides a slightly better key generation rate compared to the one derived in
the previous security proof in [arXiv:1208.1995 (2012)] that is based on the
ShorPreskill approach [Phys. Rev. Lett. ${\bf 85}$, 441 (2000)]. This
improvement is obtained because the complementarity approach can employ more
detailed information on Alice's sending state in estimating the leaked
information to an eavesdropper. Moreover, we remove the necessity of the
numerical calculation that was needed in the previous analysis to estimate the
leaked information. This leads to an advantage that our security proof enables
us to evaluate the security of the DPS protocol with any block size. This paper
highlights one of the fundamental differences between the ShorPreskill and the
complementarity approaches.

The differentialphaseshift (DPS) quantum key distribution (QKD) protocol
was proposed aiming at simple implementation, but it can tolerate only a small
disturbance in a quantum channel. The roundrobin DPS (RRDPS) protocol could be
a good solution for this problem, which in fact can tolerate even up to $50\%$
of a bit error rate. Unfortunately, however, such a high tolerance can be
achieved only when we compromise the simplicity, i.e., Bob's measurement must
involve a large number of random delays ($\mathcal{R}$ denotes its number),
and in a practical regime of $\mathcal{R}$ being small, the tolerance is low.
In this paper, we propose a new DPS protocol to achieve a higher tolerance than
the one in the original DPS protocol, in which the measurement setup is less
demanding than the one of the RRDPS protocol for the high tolerance regime. We
call the new protocol the smallnumberrandom DPS (SNRDPS) protocol, and in
this protocol, we add only a small amount of randomness to the original DPS
protocol, i.e., $2\leq\mathcal{R}\leq10$. In fact, we found that the
performance of the SNRDPS protocol is significantly enhanced over the original
DPS protocol only by employing a few additional delays such as
$\mathcal{R}=2$. Also, we found that the key generation rate of the SNRDPS
protocol outperforms the RRDPS protocol without monitoring the bit error rate
when it is less than $5\%$ and $\mathcal{R}\leq10$. Our protocol is an
intermediate protocol between the original DPS protocol and the RRDPS protocol,
and it increases the variety of the DPStype protocols with quantified
security.

Recently, a new type of quantum key distribution, called the roundrobin
differential phaseshift (RRDPS) protocol [Nature 509, 475 (2014)], was
proposed, where the security can be guaranteed without monitoring any
statistics. In this Letter, we investigate source imperfections and
sidechannel attacks on the source of this protocol. We show that only three
assumptions are needed for the security, and no detailed characterizations of
the source or the sidechannel attacks are needed. This high robustness is
another striking advantage of the RRDPS protocol over other protocols.

Although quantum key distribution (QKD) is theoretically secure, there is a
gap between the theory and practice. In fact, reallife QKD may not be secure
because component devices in QKD systems may deviate from the theoretical
models assumed in security proofs. To solve this problem, it is necessary to
construct the security proof under realistic assumptions on the source and
measurement unit. In this paper, we prove the security of a QKD protocol under
practical assumptions on the source that accommodate fluctuation of the phase
and intensity modulations. As long as our assumptions hold, it does not matter
at all how the phase and intensity distribute nor whether or not their
distributions over different pulses are independently and identically
distributed (I.I.D.). Our work shows that practical sources can be safely
employed in QKD experiments.

The quantum internet holds promise for performing quantum communication, such
as quantum teleportation and quantum key distribution (QKD), freely between any
parties all over the globe. Such a future quantum network, depending on the
communication distance of the requesting parties, necessitates to invoke
several classes of optical quantum communication such as pointtopoint
communication protocols, intercity QKD protocols and quantum repeater
protocols. Recently, Takeoka, Guha and Wilde (TGW) have presented a fundamental
rateloss tradeoff on quantum communication capacity and secret key agreement
capacity of any lossy channel assisted by unlimited forward and backward
classical communication [Nat. Commun. 5, 5235 (2014)]. However, this bound is
applicable only to the simplest class of quantum communication, i.e., the
pointtopoint communication protocols, and it has thus remained open to grasp
the potential of a `worldwide' quantum network. Here we generalize the TGW
bound to be applicable to any type of twoparty quantum communication over the
quantum internet, including other indispensable but much more intricate classes
of quantum communication, intercity QKD protocols and quantum repeater
protocols. We also show that there is essentially no scaling gap between our
bound and the quantum communication efficiencies of known protocols. Therefore,
our result, corresponding to a fundamental and practical limitation for the
quantum internet, will contribute to design an efficient quantum internet in
the future.

In recent years, the gap between theory and practice in quantum key
distribution (QKD) has been significantly narrowed, particularly for QKD
systems with arbitrarily awed optical receivers. The status for QKD systems
with imperfect light sources is however less satisfactory, in the sense that
the resulting secure key rates are often overlydependent on the quality of
state preparation. This is especially the case when the channel loss is high.
Very recently, to overcome this limitation, Tamaki et al proposed a QKD
protocol based on the socalled rejected data analysis, and showed that its
securityin the limit of infinitely long keysis almost independent of any
encoding flaw in the qubit space, being this protocol compatible with the decoy
state method. Here, as a step towards practical QKD, we show that a similar
conclusion is reached in the finitekey regime, even when the intensity of the
light source is unstable. More concretely, we derive security bounds for a wide
class of realistic light sources and show that the bounds are also efficient in
the presence of high channel loss. Our results strongly suggest the feasibility
of long distance provablysecure communication with imperfect light sources.

The measurementdeviceindependent quantum key distribution (MDI QKD) was
proposed to make BB84 completely free from any sidechannel in detectors. Like
in prepare & measure QKD, the use of other protocols in MDI setting would be
advantageous in some practical situations. In this paper, we consider SARG04
protocol in MDI setting. The prepare & measure SARG04 is proven to be able to
generate a key up to twophoton emission events. In MDI setting we show that
the key generation is possible from the event with single or twophoton
emission by a party and singlephoton emission by the other party, but the
twophoton emission event by both parties cannot contribute to the key
generation. On the contrary to prepare & measure SARG04 protocol where the
experimental setup is exactly the same as BB84, the measurement setup for
SARG04 in MDI setting cannot be the same as that for BB84 since the measurement
setup for BB84 in MDI setting induces too many bit errors. To overcome this
problem, we propose two alternative experimental setups, and we simulate the
resulting key rate. Our study highlights the requirements that MDI QKD poses on
us regarding with the implementation of a variety of QKD protocols.